Lucene search
+L

23 matches found

redhatcve
redhatcve
added 2026/01/09 9:14 a.m.8 views

CVE-2022-23464

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

7.5CVSS6.8AI score0.00613EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.19 views

EUVD-2022-6910

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01804EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6840

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00613EPSS
Exploits1References4
cnvd
cnvd
added 2022/09/28 12:0 a.m.37 views

Nepxion Discovery Remote Code Execution Vulnerability

Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...

9.8CVSS4AI score0.01804EPSS
Exploits1References1
osv
osv
added 2022/09/25 12:0 a.m.28 views

GHSA-Q979-9M39-23MQ Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

9.4CVSS9.7AI score0.01804EPSS
Exploits1References3
osv
osv
added 2022/09/25 12:0 a.m.25 views

GHSA-HHXH-QPHC-V423 Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

4.3CVSS5.6AI score0.00613EPSS
Exploits1References3
github
github
added 2022/09/25 12:0 a.m.26 views

Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

9.8CVSS2.9AI score0.01804EPSS
Exploits1References3Affected Software1
github
github
added 2022/09/25 12:0 a.m.25 views

Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

7.5CVSS2AI score0.00613EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2022/09/24 5:15 a.m.24 views

CVE-2022-23464

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

7.5CVSS0.00613EPSS
Exploits1References1
nvd
nvd
added 2022/09/24 5:15 a.m.42 views

CVE-2022-23463

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

9.8CVSS0.01804EPSS
Exploits1References1
prion
prion
added 2022/09/24 5:15 a.m.14 views

Design/Logic Flaw

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

7.5CVSS9.8AI score0.01804EPSS
Exploits1References1Affected Software1
prion
prion
added 2022/09/24 5:15 a.m.19 views

Server side request forgery (ssrf)

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

5CVSS7.5AI score0.00613EPSS
Exploits1References1Affected Software1
cve
cve
added 2022/09/24 4:40 a.m.120 views

CVE-2022-23463

Nepxion Discovery (Spring Cloud integration) is affected by a SpEL Injection in discovery-commons. The DiscoveryExpressionResolver’s eval method evaluates expressions with a StandardEvaluationContext, which can reach Java classes such as java.lang.Runtime and leads to Remote Code Execution. Repor...

9.8CVSS9.8AI score0.01804EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2022/09/24 4:40 a.m.44 views

CVE-2022-23463 SpEL Injection in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

9.4CVSS10AI score0.01804EPSS
Exploits1References1
osv
osv
added 2022/09/24 4:40 a.m.25 views

CVE-2022-23463 SpEL Injection in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

9.4CVSS9.5AI score0.01804EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2022/09/24 4:40 a.m.7 views

CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

4.3CVSS7.7AI score0.00613EPSS
Exploits1References1
cvelist
cvelist
added 2022/09/24 4:40 a.m.32 views

CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

4.3CVSS7.7AI score0.00613EPSS
Exploits1References1
osv
osv
added 2022/09/24 4:40 a.m.25 views

CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

4.3CVSS7.4AI score0.00613EPSS
Exploits1References3
cve
cve
added 2022/09/24 4:40 a.m.93 views

CVE-2022-23464

CVE-2022-23464 affects Nepxion Discovery (Spring Cloud) with SSRF in RouterResourceImpl via RestTemplate.getForEntity on user-controlled URL, potentially causing information disclosure. No patch or workarounds are documented in the provided sources; exploitation status is not detailed.

7.5CVSS5.7AI score0.00613EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2022/09/24 12:0 a.m.5 views

Nepxion 代码问题漏洞

Nepxion is a China Nepxion open source based on Spring & Spring Boot & Spring Cloud framework. Nepxion Discovery There is a code issue vulnerability , the vulnerability stems from the vulnerability to potential server-side request forgery SSRF attacks , the attacker can use the vulnerability can...

7.5CVSS7.4AI score0.00613EPSS
Exploits1References2
Rows per page
Query Builder