Lucene search
K

115 matches found

vulnersOsv
vulnersOsv
added 2022/04/03 12:0 a.m.5 views

ai.hyacinth.framework:core-service-bus-support (>=0.5.0 <=0.5.24), cc.vihackerframework:vihacker-kafka-starter (>=1.0.4.R <=1.0.6.R) +815 more potentially affected by CVE-2022-22963 via org.springframework.cloud:spring-cloud-function-context (>=1.0.0.RELEASE <=3.1.6)

org.springframework.cloud:spring-cloud-function-context MAVEN version =1.0.0.RELEASE, =0.5.0, =1.0.4.R, =1.0.6.R - ch.voulgarakis:spring-cloud-stream-binder-jms =1.0.0.RELEASE - city.smartb.f2:f2-spring-boot-starter-function =0.1.0 - city.smartb.f2:f2-spring-boot-starter-function-http =0.1.0 -...

9.8CVSS7.2AI score0.99939EPSS
Exploits36
OSV
OSV
added 2022/04/03 12:0 a.m.3 views

GHSA-6V73-FGF6-W5J7 Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS7.7AI score0.99939EPSS
Exploits36References9
Github Security Blog
Github Security Blog
added 2022/04/03 12:0 a.m.87 views

Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS4.8AI score0.99939EPSS
Exploits36References9Affected Software1
SonicWall
SonicWall
added 2022/04/02 6:13 p.m.15 views

Spring Remote Code Execution: CVE-2022-22963 and CVE-2022-22965

SonicWall PSIRT is tracking two critical vulnerabilities impacting the Spring Framework. This advisory is intended to address both. 1CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring ExpressionIn Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported...

9.8CVSS10AI score0.99939EPSS
Exploits131
Cisco
Cisco
added 2022/04/01 11:45 p.m.111 views

Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022

On March 29, 2022, the following critical vulnerability in the Spring Cloud Function Framework affecting releases 3.1.6, 3.2.2, and older unsupported releases was disclosed: CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression For a description of this...

9.8CVSS9.8AI score0.99939EPSS
Exploits36References1
OSV
OSV
added 2022/04/01 11:15 p.m.40 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS9.6AI score0.99939EPSS
Exploits36References7
NVD
NVD
added 2022/04/01 11:15 p.m.25 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS0.99939EPSS
Exploits36References7
Prion
Prion
added 2022/04/01 11:15 p.m.39 views

Remote code execution

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

7.5CVSS9.4AI score0.99939EPSS
Exploits36References6Affected Software28
Rapid7 Blog
Rapid7 Blog
added 2022/04/01 6:34 p.m.127 views

Metasploit Weekly Wrap-Up

CVE-2022-22963 - Spring Cloud Function SpEL RCE A new exploit/multi/http/springcloudfunctionspelinjection module has been developed by our very own Spencer McIntyre which targets Spring Cloud Function versions Prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell CVE-2022-22965, whic...

7.5CVSS1.3AI score0.99939EPSS
Exploits131
Cvelist
Cvelist
added 2022/04/01 12:0 a.m.30 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.7AI score0.99939EPSS
Exploits36References6
Vulnrichment
Vulnrichment
added 2022/04/01 12:0 a.m.8 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.6AI score0.99939EPSS
Exploits36References6
Fortinet
Fortinet
added 2022/04/01 12:0 a.m.332 views

CVE-2022-22965 and CVE-2022-22963 vulnerabilities

Two distinct spring project vulnerabilities where released recently with critical CVSS score and classified as zero-Day attacks. The two vulnerabilities are currently known as : CVE-2022-22965 or Spring4Shell: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remot...

7.5CVSS8.5AI score0.99939EPSS
Exploits131Affected Software1
CISA
CISA
added 2022/04/01 12:0 a.m.97 views

Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

Spring by VMWare has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution RCE vulnerability CVE-2022-22963 as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could explo...

7.5CVSS2.3AI score0.99939EPSS
Exploits136References5
ATTACKERKB
ATTACKERKB
added 2022/04/01 12:0 a.m.43 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. Recent assessments:...

9.8CVSS9.5AI score0.99939EPSS
In wildExploits36References7
Kitploit
Kitploit
added 2022/03/31 8:30 p.m.21 views

Spring-Spel-0Day-Poc - Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression, RCE, 0day, 0-day, POC, EXP

spring-cloud/spring-cloud-function RCE EXP POC https://github.com/spring-cloud/spring-cloud-function header spring.cloud.function.routing-expression:Tjava.lang.Runtime.getRuntime.exec"open -a calculator.app" build wget...

7.4AI score
Exploits0References5
GithubExploit
GithubExploit
added 2022/03/31 8:19 p.m.399 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring CVE This includes CVE-2022-22963, a Spring SpEL / Expre...

9.8CVSS9.2AI score0.99939EPSS
Exploits131
RedhatCVE
RedhatCVE
added 2022/03/31 6:32 p.m.120 views

CVE-2022-22963

A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls. Mitigation...

9.8CVSS4.8AI score0.99939EPSS
Exploits36References5
Metasploit
Metasploit
added 2022/03/31 5:42 p.m.293 views

Spring Cloud Function SpEL Injection

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...

9.8CVSS9.5AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2022/03/31 2:32 p.m.70 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function VulnerabilityCVE-2022-22963 Vulnerabl...

9.8CVSS8.5AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2022/03/31 11:14 a.m.263 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...

9.8CVSS9.6AI score0.99939EPSS
Exploits36
Rows per page
Query Builder