Spring Cloud Function Remote Code Execution

Added: 04/05/2022

Background

Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic.

Problem

Spring Cloud Function has remote code execution vulnerability. An attacker could provide a crafted Spring Expression language (SpEL) as a routing-expression that may result in access to local resources.

Resolution

Apply the patch referenced in the CVE-2022-22963.

References

https://tanzu.vmware.com/security/cve-2022-22963

Limitations

Platforms

Windows
Linux

Back to exploit index