6597 matches found
Exploit for Code Injection in Vmware Spring_Framework
CVE-2022-22965 poc CVE-2022-22965 poc including reverse-shell...
CVE-2022-22965
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
CVE-2022-22963
A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls. Mitigation...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +11850 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-web (>=1.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-web MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =1.4.2, =1.6.6, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =Greenwich.SR2.1 and more Source cves: CVE-2022-22965 Source advisory:...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +3605 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.17)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =1.1.0, =1.13.0, =2.2.0 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.21) +896 more potentially affected by CVE-2022-22965 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.2.1.RELEASE)
org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =j8.2.3.0, =0.0.1, =2.1.2.RELEASE, =2.0.2, =0.5.0, =3.1.64, =3.1.37, =3.1.13, =3.1.64, =3.1.64, =3.1.64, =3.1.64, =3.1.165 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +710 more potentially affected by CVE-2022-22965 via org.springframework:spring-webflux (>=5.3.0 <=5.3.17)
org.springframework:spring-webflux MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.7, =1.0.1, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.313 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +2343 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-web (>=2.6.0 <=2.6.5)
org.springframework.boot:spring-boot-starter-web MAVEN version =2.6.0, =4.4.0.2, =j11.2.6.0, =1.2.5.RELEASE, =0.1.2, =5.7.7, =5.7.7, =5.7.7, =1.0.0, =1.0.2, =1.0.0, =3.1.305, =3.1.305, =3.1.313 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
Remote Code Execution in Spring Framework
Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +41098 more potentially affected by CVE-2022-22965 via org.springframework:spring-beans (>=1.2 <=5.2.1.RELEASE)
org.springframework:spring-beans MAVEN version =1.2, =1.1, =1.3, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.51 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +10205 more potentially affected by CVE-2022-22965 via org.springframework:spring-beans (>=5.3.0 <=5.3.17)
org.springframework:spring-beans MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.24) +1082 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =2.1.2.RELEASE, =1.3, =0.5.0, =3.1.37, =3.1.13, =3.1.85, =3.1.13, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - city.smartb.f2:f2-spring-boot-starter-function-http...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +15194 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=1.2.1 <=5.2.1.RELEASE)
org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =4.4.0.0, =0.1.6, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.1.1, =j8.2.3.0, =j8.2.3.0, =Finchley.SR2.SR1, =Finchley.SR4, =Greenwich.SR2.1 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
ai.ylyue:yue-library-webflux (=j11.2.6.0), ca.gc.cyber.ops:assemblyline-java-client (>=1.7 <=1.8) +544 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.6.0 <=2.6.5)
org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.6.0, =1.7, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =0.2.2, =1.1.3, =1.1.3, =3.12.0, =5.1.1-jdk1.8, =5.1.1-jdk1.8, =5.1.2-jdk1.8 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
GHSA-36P3-WJMG-H94X Remote Code Execution in Spring Framework
Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...
Exploit for Code Injection in Vmware Spring_Framework
Simple Spring4Shell POC: Check if end...
Spring Cloud Function SpEL Injection
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...
Exploit for Code Injection in Vmware Spring_Framework
SaferPoCCVE-2022-22965 A Safer PoC for CVE-2022-22965 Sprin...
Exploit for Code Injection in Vmware Spring_Framework
CVE-2022-22965 aka "Spring4Shell" RCE vulnerability in Spri...
Exploit for Code Injection in Vmware Spring_Framework
Spring Framework RCE exploitation Quick pentest notes...