← back
CVE-2022-22947

CVE-2022-22947

CVSS 10 CRITICALEPSS 98.3%● KEVCWE-94
In short

Spring Cloud Gateway allows attackers to execute arbitrary code on the server if the Actuator endpoint is exposed without proper security. This happens through a specially crafted request that exploits code injection vulnerabilities.

Technical detail

CWE-94 code injection vulnerability in Spring Cloud Gateway Actuator endpoint allows remote code execution when the endpoint is exposed without authentication. Pre-condition: Actuator must be enabled and publicly accessible. Attack vector involves sending malicious payloads through the Actuator interface, resulting in arbitrary command execution on the host.

Summary generated and translated by AI from the official description.
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
n/a · Spring Cloud Gateway
public PoCs found64
githubgithub.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947223githubgithub.com/whwlsfb/cve-2022-22947-godzilla-memshell211githubgithub.com/SecNN/CVE-2022-22947_Rce_Exp77githubgithub.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway71githubgithub.com/0730Nophone/CVE-2022-22947-60githubgithub.com/crowsec-edtech/CVE-2022-2294738githubgithub.com/0x7eTeam/CVE-2022-2294736githubgithub.com/Zh0um1/CVE-2022-2294728githubgithub.com/Tas9er/SpringCloudGatewayRCE28githubgithub.com/Enokiy/cve-2022-22947-spring-cloud-gateway18githubgithub.com/viemsr/spring_cloud_gateway_memshell18githubgithub.com/B0rn2d/Spring-Cloud-Gateway-Nacos16githubgithub.com/MoCh3n/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE14githubgithub.com/4nNns/CVE-2022-2294712githubgithub.com/k3rwin/spring-cloud-gateway-rce12githubgithub.com/Wrin9/CVE-2022-2294711githubgithub.com/twseptian/cve-2022-2294711githubgithub.com/Vulnmachines/spring-cve-2022-2294710githubgithub.com/dingxiao77/-cve-2022-22947-9githubgithub.com/SiJiDo/CVE-2022-229479githubgithub.com/hunzi0/CVE-2022-22947-Rce_POC7githubgithub.com/anansec/CVE-2022-22947_EXP7githubgithub.com/mrknow001/CVE-2022-229477githubgithub.com/YutuSec/SpEL6githubgithub.com/darkb1rd/cve-2022-229476githubgithub.com/Greetdawn/CVE-2022-229475githubgithub.com/Arrnitage/CVE-2022-22947_exp5githubgithub.com/sagaryadav8742/springcloudRCE4githubgithub.com/LY613313/CVE-2022-229473githubgithub.com/stayfoolish777/CVE-2022-22947-POC3githubgithub.com/nu0l/cve-2022-229473githubgithub.com/Le1a/CVE-2022-229472githubgithub.com/22ke/CVE-2022-229472githubgithub.com/dbgee/CVE-2022-229472githubgithub.com/Vancomycin-g/CVE-2022-229472githubgithub.com/kkx600/Burp_VulPscan2githubgithub.com/Wrong-pixel/CVE-2022-22947-exp1githubgithub.com/kmahyyg/CVE-2022-229471githubgithub.com/Jun-5heng/CVE-2022-229471githubgithub.com/qq87234770/CVE-2022-229471githubgithub.com/bysinks/CVE-2022-229471githubgithub.com/Nathaniel1025/CVE-2022-229471githubgithub.com/talentsec/Spring-Cloud-Gateway-CVE-2022-229471githubgithub.com/Sumitpathania03/CVE-2022-229470githubgithub.com/scopion/cve-2022-229470githubgithub.com/Summer177/Spring-Cloud-Gateway-CVE-2022-229470githubgithub.com/BerMalBerIst/CVE-2022-229470githubgithub.com/flying0er/CVE-2022-22947-goby0githubgithub.com/nanaao/CVE-2022-22947-POC0githubgithub.com/PaoPaoLong-lab/Spring-CVE-2022-22947-0githubgithub.com/hh-hunter/cve-2022-22947-docker0githubgithub.com/scopion/CVE-2022-22947-exp0githubgithub.com/fbion/CVE-2022-229470githubgithub.com/aesm1p/CVE-2022-22947-POC-Reproduce0githubgithub.com/SanderSchepers1993/CyberSec20260githubgithub.com/ciri3/spring-cloud-gateway-cve-2022-22947-report0githubgithub.com/entr0pie/demo-cve-2022-229470githubgithub.com/superneilcn/SpringExploitGUI0githubgithub.com/cc3305/CVE-2022-229470githubgithub.com/skysliently/CVE-2022-22947-pb-ai0githubgithub.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-60cve_referencepacketstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50799unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlhttps://tanzu.vmware.com/security/cve-2022-22947https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html