750 matches found

ThreatPost
added 2022/03/30 6:4 p.m., 476 views

RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn

NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to what to call it, with another security firm referring to a different,...

9.8 CVSS, 9.2 AI score, 0.99939 EPSS
Exploits 36, References 9

GithubExploit
added 2022/03/30 5:37 p.m., 421 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 RCE PoC Minimal example to reproduce CVE-2022-...

9.8 CVSS, 9.8 AI score, 0.99939 EPSS
Exploits 36

GithubExploit
added 2022/03/30 11:36 a.m., 339 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 Spring-Cloud-Function-SpELRCE漏...

9.8 CVSS, 9.6 AI score, 0.99939 EPSS
Exploits 36

Spring Security Advisories
added 2022/03/30 7:0 a.m., 12 views

Spring Cloud Azure 4.0 is Now Generally Available

NOTE: Hi, Spring fans! This is a guest post from Sean Li, our friend at Microsoft. I am pleased to announce that Spring Cloud Azure 4.0 is now generally available. With this major release we aim to bring better security, leaner dependencies, support for production readiness and more. Version 4...

0.4 AI score
Exploits 0

GithubExploit
added 2022/03/30 5:4 a.m., 766 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...

9.8 CVSS, 9.6 AI score, 0.99939 EPSS
Exploits 36

Spring Security Advisories
added 2022/03/30 12:53 a.m., 145 views

CVE report published for Spring Cloud Function

We have released Spring Cloud Function 3.1.7 & 3.2.3 to address the following CVE report. CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression. Please review the information in the CVE report and upgrade immediately...

7.5 CVSS, 3 AI score, 0.99939 EPSS
Exploits 36

NCSC
added 2022/03/30 12:0 a.m., 7 views

Vulnerability fixed in Spring Cloud Function

A vulnerability has been fixed in Spring Cloud Function. A malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. Spring Cloud Function is a complementary library for Spring Cloud, but is made available separately from the Spring...

9.8 CVSS, 7.4 AI score, 0.99939 EPSS
Exploits 36

Positive Technologies
added 2022/03/29 12:0 a.m., 8 views

PT-2022-2029

Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions. Description: The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...

9.8 CVSS, 9.8 AI score, 0.99939 EPSS
Exploits 36, References 65

BDU FSTEC
added 2022/03/28 12:0 a.m., 6 views

The vulnerability of the Gateway Actuator component in the Spring Cloud Gateway API gateway library allows an attacker to execute arbitrary code.

The vulnerability of the Gateway Actuator component in the Spring Cloud Gateway API gateway library is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...

10 CVSS, 8 AI score, 0.98253 EPSS
Exploits 54, References 7, Affected Software 1

GithubExploit
added 2022/03/25 12:43 p.m., 239 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 poc for CVE-2022-22947...

10 CVSS, 9.7 AI score, 0.98253 EPSS
Exploits 54

CNVD
added 2022/03/25 12:0 a.m., 9 views

SPEL Expression Injection Vulnerability in Spring Cloud Function

Spring Cloud Function is a functional computing framework based on Spring Boot. Spring Cloud Function is vulnerable to SPEL expression injection, which can be exploited by attackers to perform injection attacks remotely via SPEL expression injection...

4.7 AI score
Exploits 0, References 1

Gitee
added 2022/03/24 6:54 p.m., 3 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

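Vulnerability overview: Spring Cloud Gateway is a new Spring Cloud project, a gateway built on Spring 5.0, Spring Boot 2.0, Project Reactor and related technologies, which aims to provide a simple, effective and unified way to manage API routing for microservice architectures. Some time ago a critical RCE CVE was disclosed in Spring Cloud Gateway; the CVE information shows that when an application enables and exposes the Spring Cloud Gateway Gateway Actuator endpoint, it is subject to a remote code injection attack, in which an attacker sends a malicious request and can thereby execute arbitrary code remotely. The currently affected versions are as follows: 3.1.0 3.0...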

10 CVSS, 9 AI score, 0.98253 EPSS
Exploits 54

Tenable Nessus
added 2022/03/24 12:0 a.m., 43 views

Spring Cloud Gateway < 3.0.7 / 3.1.x < 3.1.1 Remote Code Execution

In Spring Cloud Gateway versions prior to 3.1.1 and 3.0.7, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker can craft a malicious request that could allow arbitrary remote execution on the remote host. N...

10 CVSS, 9.9 AI score, 0.98253 EPSS
Exploits 54, References 2

GithubExploit
added 2022/03/21 11:37 p.m., 211 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Vulnerability Profile Spring Cloud Gateway is a brand new pro...

10 CVSS, 8 AI score, 0.98253 EPSS
Exploits 54

GithubExploit
added 2022/03/21 11:37 p.m., 497 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Vulnerability Profile Spring Cloud Gateway is a brand new pro...

10 CVSS, 8 AI score, 0.98253 EPSS
Exploits 54

GithubExploit
added 2022/03/17 9:12 a.m., 736 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 pocsuite -r CVE-2022-22947POCEXP.py -u url --...

10 CVSS, 7.1 AI score, 0.98253 EPSS
Exploits 54

vulnersOsv
added 2022/03/12 12:0 a.m., 5 views

cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +903 more potentially affected by CVE-2021-44667 via com.alibaba.nacos:nacos-common (>=0.1.0 <=1.4.4)

com.alibaba.nacos:nacos-common MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.2, =1.0.0, =1.0.4.R, =1.1, =1.1, =1.0.0.RELEASE, =0.0.2, =0.0.2, =0.0.4.BETA, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-44667 Source advisory: OSV:GHSA-4GR7-QW2Q-JXH6...

6.1 CVSS, 6.3 AI score, 0.00818 EPSS
Exploits 1

GithubExploit
added 2022/03/10 3:51 a.m., 279 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-ex...

10 CVSS, 9.8 AI score, 0.98253 EPSS
Exploits 54

GithubExploit
added 2022/03/10 3:51 a.m., 3 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-ex...

10 CVSS, 7.1 AI score, 0.98253 EPSS
Exploits 54

GithubExploit
added 2022/03/10 3:51 a.m., 2 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-ex...

10 CVSS, 7.1 AI score, 0.98253 EPSS
Exploits 54