CVE-2022-22963
In short
Spring Cloud Function allows attackers to execute arbitrary code on the server by injecting malicious expressions through the routing functionality. This happens because user input is not properly validated before being processed.
Technical detail
A remote attacker can exploit improper input validation in the routing-expression parameter to inject Spring Expression Language (SpEL) payloads, achieving unauthenticated remote code execution. The vulnerability exists in versions 3.1.6, 3.2.2 and older unsupported versions when routing functionality is enabled.
Summary generated and translated by AI from the official description.
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Spring Cloud Function
Public PoCs found — 30
github  github.com/hktalent/spring-spel-0day-poc  ★ 355
github  github.com/dinosn/CVE-2022-22963  ★ 116
github  github.com/darryk10/CVE-2022-22963  ★ 35
github  github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit  ★ 24
github  github.com/me2nuk/CVE-2022-22963  ★ 19
github  github.com/RanDengShiFu/CVE-2022-22963  ★ 15
github  github.com/kh4sh3i/Spring-CVE  ★ 14
github  github.com/Kirill89/CVE-2022-22963-PoC  ★ 9
github  github.com/k3rwin/spring-cloud-function-rce  ★ 8
github  github.com/charis3306/CVE-2022-22963  ★ 8
github  github.com/lemmyz4n3771/CVE-2022-22963-PoC  ★ 4
github  github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE  ★ 4
github  github.com/iliass-dahman/CVE-2022-22963-POC  ★ 4
github  github.com/stevemats/Spring0DayCoreExploit  ★ 3
github  github.com/twseptian/cve-2022-22963  ★ 2
github  github.com/AayushmanThapaMagar/CVE-2022-22963  ★ 1
github  github.com/SourM1lk/CVE-2022-22963-Exploit  ★ 1
github  github.com/puckiestyle/CVE-2022-22963  ★ 1
github  github.com/SealPaPaPa/SpringCloudFunction-Research  ★ 1
github  github.com/Shayz614/CVE-2022-22963  ★ 0
github  github.com/G01d3nW01f/CVE-2022-22963  ★ 0
github  github.com/75ACOL/CVE-2022-22963  ★ 0
github  github.com/Mustafa1986/CVE-2022-22963  ★ 0
github  github.com/gunzf0x/CVE-2022-22963  ★ 0
github  github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963  ★ 0
github  github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules  ★ 0
github  github.com/jrbH4CK/CVE-2022-22963  ★ 0
github  github.com/cyberager/CVE-2022-22963  ★ 0
exploitdb  www.exploit-db.com/exploits/51577  (unverified)
cve_reference  packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html  (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
https://tanzu.vmware.com/security/cve-2022-22963
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22963
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html