3 matches found
CVE-2022-23463
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
CVE-2022-23463
Nepxion Discovery (Spring Cloud integration) is affected by a SpEL Injection in discovery-commons. The DiscoveryExpressionResolver’s eval method evaluates expressions with a StandardEvaluationContext, which can reach Java classes such as java.lang.Runtime and leads to Remote Code Execution. Repor...
Java Server Pages Backdoor (CVE-2022-23463)
A generic backdoor exists in Java server pages. The vulnerability is due to lack of user input sanitation. Successful exploitation of this vulnerability might allow an attacker to execute arbitrary code on the affected system...