Spring.Cloud.Function.Routing.Expression.Remote.Code.Execution

Description

This indicates an attack attempt against a Remote Code Execution vulnerability in Spring Cloud Function when its routing functionality is used.
The vulnerability is caused by improper handling of a crafted HTTP request. A remote authenticated attacker may be able to exploit this, via a crafted HTTP request, to execute arbitrary code within the context of the application.

Outbreak Alert

In Spring Cloud Function versions 3.2.2, 3.1.6, and older versions, it is possible for an attacker to supply a specially crafted malicious expression that may result in remote code execution and access to local resources. With a CVSS base score of 9.8 and a publicly available proof of concept, this vulnerability should be treated as a priority.
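The root cause behind the "crafted expression" in the description and the alert above is that a routing expression supplied by the client was evaluated as SpEL with a full-featured evaluation context. The following is an added example, not FortiGuard's or the Spring project's code, that contrasts that unsafe evaluation pattern with the read-only evaluation context that neutralises it. It assumes only spring-expression on the classpath; the class name RoutingExpressionDemo, the Message type and the two route methods are ours for illustration.

```java
// Added example (not FortiGuard's or the Spring project's code): shows why a
// client-supplied routing expression is dangerous when evaluated with a full
// SpEL context, and how a read-only data-binding context closes that off.
// Assumes spring-expression on the classpath; all class and method names here
// are illustrative and not part of Spring Cloud Function.
import org.springframework.expression.EvaluationException;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class RoutingExpressionDemo {

    // The message a router inspects; routing expressions are evaluated against it.
    public static class Message {
        private final String type;
        public Message(String type) { this.type = type; }
        public String getType() { return type; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Unsafe pattern: StandardEvaluationContext exposes the whole SpEL feature set,
    // including T(...) type references, so an expression taken verbatim from an
    // HTTP header can reach arbitrary JVM classes.
    public static String routeUnsafe(String headerExpression, Message msg) {
        Expression expr = PARSER.parseExpression(headerExpression);
        return expr.getValue(new StandardEvaluationContext(msg), String.class);
    }

    // Hardened pattern: a read-only data-binding context only permits property
    // access and operators on the root object; type references and method calls
    // on arbitrary classes are rejected when the expression is evaluated.
    public static String routeSafe(String headerExpression, Message msg) {
        Expression expr = PARSER.parseExpression(headerExpression);
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return expr.getValue(ctx, msg, String.class);
    }

    public static void main(String[] args) {
        Message msg = new Message("order");

        // Legitimate routing expression: choose a function name from a message property.
        String legit = "type == 'order' ? 'orderFunction' : 'defaultFunction'";
        System.out.println("safe/legit -> " + routeSafe(legit, msg));   // orderFunction

        // Constructed untrusted input using a SpEL type reference. With the full
        // context it reads a JVM property, showing that arbitrary classes are reachable.
        String untrusted = "T(java.lang.System).getProperty('java.version')";
        System.out.println("unsafe/T() -> " + routeUnsafe(untrusted, msg));

        // The same input against the read-only context fails at evaluation time.
        try {
            routeSafe(untrusted, msg);
        } catch (EvaluationException e) {
            System.out.println("safe/T()   -> rejected: " + e.getMessage());
        }
    }
}
```

The practical takeaway for defenders is that the fix is not input filtering but evaluation scope: any expression that can originate from a request must be evaluated with a context that cannot reference types or invoke arbitrary methods, and the vendor patch referenced below should be applied rather than relying on header filtering alone.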


Affected Products

Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22963

Version Updates

Date Version Detail
2022-04-19 0.00318

CVE References

CVE-2022-22963