In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 29 Jan 2025 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | kev: {'dateAdded': '2022-08-25'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 01:00:00 +0000

Type | Values Removed | Values Added
References | |

MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2025-07-30T01:37:44.815Z

Reserved: 2022-01-10T00:00:00.000Z

Link: CVE-2022-22963

Vulnrichment

Updated: 2024-08-03T03:28:42.845Z

NVD

Status: Analyzed

Published: 2022-04-01T23:15:13.663

Modified: 2025-03-13T16:36:53.717

Link: CVE-2022-22963

Redhat

Severity: Critical

Public Date: 2022-03-29T00:00:00Z

Links: CVE-2022-22963 - Bugzilla

OpenCVE Enrichment

No data.