The vulnerability exists in the RedisFilterExpressionConverter of spring-ai-redis-store, where the stringValue() method inserts user-controlled input directly into the @field:{VALUE} RediSearch TAG block without escaping special characters. This improper handling can lead to unintended query behavior or information disclosure. The affected versions are Spring AI 1.0.0 up to but not including 1.0.5, and 1.1.0 up to but not including 1.1.4. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates the vulnerability is remotely exploitable without privileges or user interaction, causing high confidentiality impact.

Successful exploitation could allow an attacker to manipulate RediSearch TAG queries by injecting crafted strings, potentially leading to unauthorized access to sensitive data. The confidentiality of the system is at high risk, while integrity and availability are not impacted according to the CVSS vector. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, avoid passing untrusted user input directly as filter values for TAG fields in spring-ai-redis-store or implement manual input validation and escaping to mitigate injection risks.