virus logo Web Application Firewall

Spring.Cloud.Function.Routing.Expression.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt against a Remote Code Execution vulnerability in Spring Cloud Function when using routing functionality.
The vulnerability is caused by improper handling of a crafted HTTP request. A remote authenticated attacker may be able to exploit this to execute arbitrary remote code within the context of the application, via a crafted HTTP request.

description-logoOutbreak Alert

In Spring Cloud Function versions 3.2.2, 3.1.6, and older versions, it is possible for an attacker to provide a specially crafted malicious expression that may result in remote code execution and access to local resources. With CVSS base score of 9.8 and publicly available proof of concept, this vulnerability should be seriously attended.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22963

Version Updates

Date Version Detail
2022-03-31 1.00033

CVE References

CVE-2022-22963
ID 1002017264
Created Mar 31, 2022
Updated Mar 31, 2022
Outbreak Alert VMware Spring Cloud Function
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Default Action pass
Active
Affected OS Windows, Linux, MacOS
Affected App Other