In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 01:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2022-04-01T00:00:00
Updated: 2024-08-03T03:28:42.845Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22963
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-04-01T23:15:13.663
Modified: 2024-06-28T14:08:19.670
Link: CVE-2022-22963
Redhat