
750 matches found

RedHat Linux
added 2022/04/11 8:25 a.m. | 7 views

spring-cloud-function: Remote code execution by malicious Spring Expression

A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls...

CVSS 9.8 | AI score 7.1 | EPSS 0.99939
Exploits: 36 | References: 7

Tenable Nessus
added 2022/04/07 12:0 a.m. | 16 views

VMware Spring Cloud Functions Installed

Binary data vmwarespringcloudfunctioninstalled.nbin...

AI score 7.3
Exploits: 0 | References: 1

GithubExploit
added 2022/04/06 9:40 a.m. | 297 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

SpringCloud-Gateway Command Execution Vulnerability CVE-2022...

CVSS 10 | AI score 7.3 | EPSS 0.98253
Exploits: 54

GithubExploit
added 2022/04/06 9:40 a.m. | 6 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

SpringCloud-Gateway Command Execution Vulnerability CVE-2022...

CVSS 10 | AI score 7.3 | EPSS 0.98253
Exploits: 54

Saint
added 2022/04/05 12:0 a.m. | 433 views

Spring Cloud Function Remote Code Execution

Added: 04/05/2022. Background: Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem: Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...

CVSS 9.8 | AI score 9.8 | EPSS 0.99939
Exploits: 36

Saint
added 2022/04/05 12:0 a.m. | 232 views

Spring Cloud Function Remote Code Execution

Added: 04/05/2022. Background: Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem: Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...

CVSS 9.8 | AI score 9.8 | EPSS 0.99939
Exploits: 36

Broadcom
added 2022/04/04 12:0 a.m. | 11 views

BSA-2022-1768

Security Advisory ID : BSA-2022-1768 Component : Spring Cloud Revision : 1.0 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...

CVSS 9.8 | AI score 7.6 | EPSS 0.99939
Exploits: 36

vulnersOsv
added 2022/04/03 12:0 a.m. | 4 views

city.smartb.f2:f2-spring-boot-starter-function (>=0.2.2 <=0.6.0), city.smartb.f2:f2-spring-boot-starter-function-http (>=0.2.2 <=0.6.0) +412 more potentially affected by CVE-2022-22963 via org.springframework.cloud:spring-cloud-function-context (>=3.2.0 <=3.2.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =3.2.0, =0.2.2, =0.2.2, =0.2.2, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.6.0 and more Source cves: CVE-2022-22963 Source advisory: OSV:GHSA-6V73-FGF6-W5J7...

CVSS 9.8 | AI score 7.3 | EPSS 0.99939
Exploits: 36

vulnersOsv
added 2022/04/03 12:0 a.m. | 5 views

ai.hyacinth.framework:core-service-bus-support (>=0.5.0 <=0.5.24), cc.vihackerframework:vihacker-kafka-starter (>=1.0.4.R <=1.0.6.R) +815 more potentially affected by CVE-2022-22963 via org.springframework.cloud:spring-cloud-function-context (>=1.0.0.RELEASE <=3.1.6)

org.springframework.cloud:spring-cloud-function-context MAVEN version =1.0.0.RELEASE, =0.5.0, =1.0.4.R, =1.0.6.R - ch.voulgarakis:spring-cloud-stream-binder-jms =1.0.0.RELEASE - city.smartb.f2:f2-spring-boot-starter-function =0.1.0 - city.smartb.f2:f2-spring-boot-starter-function-http =0.1.0 -...

CVSS 9.8 | AI score 7.2 | EPSS 0.99939
Exploits: 36

Github Security Blog
added 2022/04/03 12:0 a.m. | 87 views

Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

CVSS 9.8 | AI score 4.8 | EPSS 0.99939
Exploits: 36 | References: 9 | Affected Software: 1

OSV
added 2022/04/03 12:0 a.m. | 3 views

GHSA-6V73-FGF6-W5J7 Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

CVSS 9.8 | AI score 7.7 | EPSS 0.99939
Exploits: 36 | References: 9

Check Point Advisories
added 2022/04/03 12:0 a.m. | 14 views

Spring Cloud Gateway Remote Code Execution (CVE-2022-22947)

A remote code execution vulnerability exists in Spring Cloud Gateway. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.8 | AI score 6 | EPSS 0.98253
Exploits: 54

SonicWall
added 2022/04/02 6:13 p.m. | 15 views

Spring Remote Code Execution: CVE-2022-22963 and CVE-2022-22965

SonicWall PSIRT is tracking two critical vulnerabilities impacting the Spring Framework. This advisory is intended to address both. 1. CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression. In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported...

CVSS 9.8 | AI score 10 | EPSS 0.99939
Exploits: 131

Cisco
added 2022/04/01 11:45 p.m. | 111 views

Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022

On March 29, 2022, the following critical vulnerability in the Spring Cloud Function Framework affecting releases 3.1.6, 3.2.2, and older unsupported releases was disclosed: CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression For a description of this...

CVSS 9.8 | AI score 9.8 | EPSS 0.99939
Exploits: 36 | References: 1

NVD
added 2022/04/01 11:15 p.m. | 25 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

CVSS 9.8 | EPSS 0.99939
Exploits: 36 | References: 7

OSV
added 2022/04/01 11:15 p.m. | 41 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

CVSS 9.8 | AI score 9.6 | EPSS 0.99939
Exploits: 36 | References: 7

Prion
added 2022/04/01 11:15 p.m. | 40 views

Remote code execution

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

CVSS 7.5 | AI score 9.4 | EPSS 0.99939
Exploits: 36 | References: 6 | Affected Software: 28

Rapid7 Blog
added 2022/04/01 6:34 p.m. | 127 views

Metasploit Weekly Wrap-Up

CVE-2022-22963 - Spring Cloud Function SpEL RCE. A new exploit/multi/http/spring_cloud_function_spel_injection module has been developed by our very own Spencer McIntyre which targets Spring Cloud Function versions prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell CVE-2022-22965, whic...

CVSS 7.5 | AI score 1.3 | EPSS 0.99939
Exploits: 131

Rapid7 Blog
added 2022/04/01 2:42 p.m. | 228 views

Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems

We have completed remediating the instances of Spring4Shell CVE-2022-22965 and Spring Cloud CVE-2022-22963 vulnerabilities that we found on our internet-facing services and systems. We continue to monitor for new vulnerability instances and to remediate vulnerabilities on internally accessible...

CVSS 7.5 | AI score 1.9 | EPSS 0.99939
Exploits: 131

Cvelist
added 2022/04/01 12:0 a.m. | 30 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

AI score 9.7 | EPSS 0.99939
Exploits: 36 | References: 6