Source: Rapid7 Blog
Added: 2022/10/14 5:03 p.m. (59 views)

Metasploit Wrap-Up

Spring Cloud Gateway RCE This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway CVE-2022-22947 has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...

CVSS 6.8 | AI score 1.2 | EPSS 0.98253
Exploits: 68
Source: Metasploit
Added: 2022/10/12 7:50 p.m. (214 views)

Spring Cloud Gateway Remote Code Execution

This module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions <= 3.1.0 and 3.0.0 to 3.0.6. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to...

CVSS 10 | AI score 8.9 | EPSS 0.98253
Exploits: 54
Source: Spring Security Advisories
Added: 2022/10/11 7:00 a.m. (15 views)

This Week in Spring - October 11th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I write this installment as I pack and prepare for my trip to Antwerp, Belgium, for the always-amazing Devoxx show in Antwerp, Belgium. I've so missed this show over the pandemic and am so looking forward to returning. I hope ...

Exploits: 0
Source: CNVD
Added: 2022/09/28 12:00 a.m. (35 views)

Nepxion Discovery Remote Code Execution Vulnerability

Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...

CVSS 9.8 | AI score 4 | EPSS 0.0173
Exploits: 1 | References: 1
Source: Spring Security Advisories
Added: 2022/09/27 7:00 a.m. (15 views)

This Week in Spring - September 27th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the last week of September, already! The year's more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but I'm still excite...

AI score 7.4
Exploits: 0
Source: OSV
Added: 2022/09/25 12:00 a.m. (19 views)

GHSA-Q979-9M39-23MQ Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVSS 9.4 | AI score 9.7 | EPSS 0.0173
Exploits: 1 | References: 3
Source: OSV
Added: 2022/09/25 12:00 a.m. (23 views)

GHSA-HHXH-QPHC-V423 Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

CVSS 4.3 | AI score 5.6 | EPSS 0.00607
Exploits: 1 | References: 3
Source: Github Security Blog
Added: 2022/09/25 12:00 a.m. (25 views)

Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVSS 9.8 | AI score 2.9 | EPSS 0.0173
Exploits: 1 | References: 3 | Affected Software: 1
Source: Github Security Blog
Added: 2022/09/25 12:00 a.m. (23 views)

Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

CVSS 7.5 | AI score 2 | EPSS 0.00607
Exploits: 1 | References: 3 | Affected Software: 1
Source: NVD
Added: 2022/09/24 5:15 a.m. (40 views)

CVE-2022-23463

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVSS 9.8 | EPSS 0.0173
Exploits: 1 | References: 1
Source: NVD
Added: 2022/09/24 5:15 a.m. (11 views)

CVE-2022-23464

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

CVSS 7.5 | EPSS 0.00607
Exploits: 1 | References: 1
Source: Prion
Added: 2022/09/24 5:15 a.m. (12 views)

Design/Logic Flaw

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVSS 7.5 | AI score 9.8 | EPSS 0.0173
Exploits: 1 | References: 1 | Affected Software: 1
Source: Cvelist
Added: 2022/09/24 4:40 a.m. (39 views)

CVE-2022-23463 SpEL Injection in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVSS 9.4 | AI score 10 | EPSS 0.0173
Exploits: 1 | References: 1
Source: CVE
Added: 2022/09/24 4:40 a.m. (116 views)

CVE-2022-23463

Nepxion Discovery (Spring Cloud integration) is affected by a SpEL Injection in discovery-commons. The DiscoveryExpressionResolver’s eval method evaluates expressions with a StandardEvaluationContext, which can reach Java classes such as java.lang.Runtime and leads to Remote Code Execution. Repor...

CVSS 9.8 | AI score 9.8 | EPSS 0.0173
Exploits: 1 | References: 1 | Affected Software: 1
Source: OSV
Added: 2022/09/24 4:40 a.m. (22 views)

CVE-2022-23463 SpEL Injection in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVSS 9.4 | AI score 9.5 | EPSS 0.0173
Exploits: 1 | References: 3
Source: CVE
Added: 2022/09/24 4:40 a.m. (89 views)

CVE-2022-23464

CVE-2022-23464 affects Nepxion Discovery (Spring Cloud) with SSRF in RouterResourceImpl via RestTemplate.getForEntity on user-controlled URL, potentially causing information disclosure. No patch or workarounds are documented in the provided sources; exploitation status is not detailed.

CVSS 7.5 | AI score 5.7 | EPSS 0.00607
Exploits: 1 | References: 1 | Affected Software: 1
Source: OSV
Added: 2022/09/24 4:40 a.m. (20 views)

CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

CVSS 4.3 | AI score 7.4 | EPSS 0.00607
Exploits: 1 | References: 3
Source: Spring Security Advisories
Added: 2022/09/13 7:00 a.m. (16 views)

This Week in Spring - September 13th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've got a lot of good stuff to get to so let's dive right into it! A Bootiful Podcast: Hashicorp's Rosemary Wang on securing the intersection of apps and ops with Hashicorp Vault a nice video by my colleague Dan Vega: Spring...

AI score 0.1
Exploits: 0
Source: Spring Security Advisories
Added: 2022/08/30 7:00 a.m. (16 views)

This Week in Spring - August 30th, 2022

Hi, Spring fans! How are you? How're you doin' this fine Tuesday morning? I'm doing well, of course, because this week VMware's tentpole show - VMware Explore - is happening not even a mile from my home, here in San Francisco! And this is just the first one - there'll be another show, my favorite show...

AI score 0.3
Exploits: 0
Source: Spring Security Advisories
Added: 2022/08/27 5:15 a.m. (169 views)

Creating a custom Spring Cloud Gateway Filter

In this article, we look into writing a custom extension for Spring Cloud Gateway. Before we get started, let’s go over how Spring Cloud Gateway works: 1. First, a client makes a network request to the Gateway 2. The Gateway is defined with a number of routes, each with Predicates to match the...

AI score 0.4
Exploits: 0