In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
| Link | Tags |
|---|---|
| https://tanzu.vmware.com/security/cve-2022-22963 | vendor advisory |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH | third party advisory vendor advisory |
| https://www.oracle.com/security-alerts/cpuapr2022.html | third party advisory patch |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 | third party advisory |
| https://www.oracle.com/security-alerts/cpujul2022.html | third party advisory patch |
| http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html | exploit vdb entry third party advisory |