750 matches found
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to what to call it, with another security firm referring to a different,...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 RCE PoC Minimal example to reproduce CVE-2022-...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 CVE-2022-22963 Spring-Cloud-Function-SpELRCE漏...
Spring Cloud Azure 4.0 is Now Generally Available
NOTE: Hi, Spring fans! This is a guest post from Sean Li, our friend at Microsoft I am pleased to announce that Spring Cloud Azure 4.0 is now generally available. With this major release we aim to bring better security, leaner dependencies, support for production readiness and more. Version 4...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...
CVE report published for Spring Cloud Function
We have released Spring Cloud Function 3.1.7 & 3.2.3 to address the following CVE report. CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression Please review the information in the CVE report and upgrade immediately...
Vulnerability fixed in Spring Cloud Function
A vulnerability has been fixed in Spring Cloud Function. A malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. Spring Cloud Function is a complementary library for Spring Cloud, but is made available separately from the Spring...
PT-2022-2029
Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions Description The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...
The vulnerability of the Gateway Actuator component in the Spring Cloud Gateway API gateway library allows a attacker to execute arbitrary code.
The vulnerability of the Gateway Actuator component in the Spring Cloud Gateway API gateway library is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 poc for CVE-2022-22947...
SPEL Expression Injection Vulnerability in Spring Cloud Function
Spring Cloud Function is a functional computing framework based on Spring Boot.Spring Cloud Function is vulnerable to SPEL expression injection, which can be exploited by attackers to perform injection attacks remotely via SPEL expression injection...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
漏洞简介 Spring Cloud Gateway 是 Spring Cloud 的一个全新项目,该项目是基于 Spring 5.0,Spring Boot 2.0 和 Project Reactor 等技术开发的网关,它旨在为微服务架构提供一种简单有效的统一的API路由管理方式。 前段时间springCloud Gateway被爆致命RCE CVE ,cve信息显示当应用程序启用和暴露Spring Cloud Gateway的Gateway Actuator endpoint时,会受到远程代码注入攻击,攻击者发送恶意请求从而可远程执行任意代码。目前受影响的版本如下: 3.1.0 3.0...
Spring Cloud Gateway < 3.0.7 / 3.1.x < 3.1.1 Remote Code Execution
In Spring Cloud Gateway versions prior to 3.1.1 and 3.0.7, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker can craft a malicious request that could allow arbitrary remote execution on the remote host. N...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
Vulnerability Profile Spring Cloud Gateway is a brand new pro...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
Vulnerability Profile Spring Cloud Gateway is a brand new pro...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 pocsuite -r CVE-2022-22947POCEXP.py -u url --...
cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +903 more potentially affected by CVE-2021-44667 via com.alibaba.nacos:nacos-common (>=0.1.0 <=1.4.4)
com.alibaba.nacos:nacos-common MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.2, =1.0.0, =1.0.4.R, =1.1, =1.1, =1.0.0.RELEASE, =0.0.2, =0.0.2, =0.0.4.BETA, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-44667 Source advisory: OSV:GHSA-4GR7-QW2Q-JXH6...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947-ex...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947-ex...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947-ex...