23 matches found
CVE-2022-23464
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
EUVD-2022-6910
Malicious code in bioql PyPI...
EUVD-2022-6840
Malicious code in bioql PyPI...
Nepxion Discovery Remote Code Execution Vulnerability
Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...
GHSA-Q979-9M39-23MQ Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
GHSA-HHXH-QPHC-V423 Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
CVE-2022-23464
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
CVE-2022-23463
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
Design/Logic Flaw
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
Server side request forgery (ssrf)
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
CVE-2022-23463
Nepxion Discovery (Spring Cloud integration) is affected by a SpEL Injection in discovery-commons. The DiscoveryExpressionResolver’s eval method evaluates expressions with a StandardEvaluationContext, which can reach Java classes such as java.lang.Runtime and leads to Remote Code Execution. Repor...
CVE-2022-23463 SpEL Injection in Nepxion Discovery
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
CVE-2022-23463 SpEL Injection in Nepxion Discovery
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
CVE-2022-23464
CVE-2022-23464 affects Nepxion Discovery (Spring Cloud) with SSRF in RouterResourceImpl via RestTemplate.getForEntity on user-controlled URL, potentially causing information disclosure. No patch or workarounds are documented in the provided sources; exploitation status is not detailed.
Nepxion 代码问题漏洞
Nepxion is a China Nepxion open source based on Spring & Spring Boot & Spring Cloud framework. Nepxion Discovery There is a code issue vulnerability , the vulnerability stems from the vulnerability to potential server-side request forgery SSRF attacks , the attacker can use the vulnerability can...