Lucene search
China National Vulnerability DatabaseCNVD-2022-88815HistorySep 28, 2022 - 12:00 a.m.
Nepxion Discovery Remote Code Execution Vulnerability
2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
22
nepxion discovery
remote code execution
middleware
service discovery
spring cloud
vulnerability
input validation
spel injection
attack
exploitation
cnvd
0.004 Low
EPSS
Percentile
73.7%
Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL injection attacks The vulnerability can be exploited by an attacker to cause remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nepxion discovery | le | 6.16.2 |
Related
checkpoint_advisories
checkpoint_advisories
Java Server Pages Backdoor (CVE-2022-23463)
2021-03-20 00:00:00
cve
cve
CVE-2022-23463
2022-09-24 05:15:08
nvd
nvd
CVE-2022-23463
2022-09-24 05:15:08
cvelist
cvelist
CVE-2022-23463 SpEL Injection in Nepxion Discovery
2022-09-24 04:40:12
prion
prion
Design/Logic Flaw
2022-09-24 05:15:00
osv
osv
CVE-2022-23463
2022-09-24 05:15:08
github
github
veracode
veracode
Spring Expression Language (SpEL) Injection
2022-09-27 09:13:24