
115 matches found

Veracode
added 2022/03/31 1:51 a.m., 135 views

Remote Code Execution

spring-cloud-function-context is vulnerable to remote code execution. The routing functionality allows a user to provide a malicious SpEL as a routing-expression which would allow arbitrary OS commands to be executed remotely...

9.8 CVSS, 4.7 AI score, 0.99939 EPSS
Exploits: 36, References: 7, Affected Software: 2
0day.today
added 2022/03/31 12:0 a.m., 329 views

Spring Cloud Function SpEL Injection Exploit

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...

9.8 CVSS, 0.6 AI score, 0.99939 EPSS
Exploits: 36
Packet Storm
added 2022/03/31 12:0 a.m., 381 views

Spring Cloud Function SpEL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Function SpEL Injection', 'Description' = %q Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code...

0.2 AI score, 0.99939 EPSS
Exploits: 36
BDU FSTEC
added 2022/03/31 12:0 a.m., 6 views

The vulnerability of the Spring module routing mechanism, which facilitates business logic through Spring Cloud Function services, allows attackers to gain unauthorized access to local resources or cause service failures.

The vulnerability of the Spring module routing mechanism for promoting business logic using Spring Cloud Function is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability can allow an attacker to...

6.4 CVSS, 7.8 AI score, 0.99939 EPSS
Exploits: 36, References: 3, Affected Software: 1
Tenable Nessus
added 2022/03/31 12:0 a.m., 52 views

Spring Cloud Function < 3.1.7 / 3.2.X < 3.2.3 Remote Code Execution

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in access to local resources. No source data...

9.8 CVSS, 9.4 AI score, 0.99939 EPSS
Exploits: 36, References: 3
Tenable Nessus
added 2022/03/31 12:0 a.m., 417 views

Spring Cloud Function SPEL Expression Injection (direct check)

Binary data springcloudCVE-2022-22963.nbin...

9.8 CVSS, 9.9 AI score, 0.99939 EPSS
Exploits: 36, References: 4
Check Point Advisories
added 2022/03/31 12:0 a.m., 21 views

Spring Cloud Function Remote Code Execution (CVE-2022-22963)

A remote code execution vulnerability exists in Spring Cloud Function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5 CVSS, 5.6 AI score, 0.99939 EPSS
Exploits: 36
ThreatPost
added 2022/03/30 6:4 p.m., 476 views

RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn

NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to what to call it, with another security firm referring to a different,...

9.8 CVSS, 9.2 AI score, 0.99939 EPSS
Exploits: 36, References: 9
GithubExploit
added 2022/03/30 5:37 p.m., 421 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 RCE PoC Minimal example to reproduce CVE-2022-...

9.8 CVSS, 9.8 AI score, 0.99939 EPSS
Exploits: 36
GithubExploit
added 2022/03/30 11:36 a.m., 338 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 Spring-Cloud-Function-SpELRCE漏...

9.8 CVSS, 9.6 AI score, 0.99939 EPSS
Exploits: 36
GithubExploit
added 2022/03/30 5:4 a.m., 766 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...

9.8 CVSS, 9.6 AI score, 0.99939 EPSS
Exploits: 36
Spring Security Advisories
added 2022/03/30 12:53 a.m., 145 views

CVE report published for Spring Cloud Function

We have released Spring Cloud Function 3.1.7 & 3.2.3 to address the following CVE report. CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression Please review the information in the CVE report and upgrade immediately...

7.5 CVSS, 3 AI score, 0.99939 EPSS
Exploits: 36
NCSC
added 2022/03/30 12:0 a.m., 7 views

Vulnerability fixed in Spring Cloud Function

A vulnerability has been fixed in Spring Cloud Function. A malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. Spring Cloud Function is a complementary library for Spring Cloud, but is made available separately from the Spring...

9.8 CVSS, 7.4 AI score, 0.99939 EPSS
Exploits: 36
Positive Technologies
added 2022/03/29 12:0 a.m., 8 views

PT-2022-2029

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions Description The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...

9.8 CVSS, 9.8 AI score, 0.99939 EPSS
Exploits: 36, References: 65
CNVD
added 2022/03/25 12:0 a.m., 9 views

SPEL Expression Injection Vulnerability in Spring Cloud Function

Spring Cloud Function is a functional computing framework based on Spring Boot. Spring Cloud Function is vulnerable to SPEL expression injection, which can be exploited by attackers to perform injection attacks remotely via SPEL expression injection...

4.7 AI score
Exploits: 0, References: 1