CVE-2022-22963

2022-04-01T23:15:00
ID CVE-2022-22963
Type cve
Reporter security@vmware.com
Modified 2022-04-20T00:16:00

Description

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.