CVE: 2022 22965 | Remote code execution in Spring Cloud Function | DEMO #ChaliyeHackKarteHain❤️
In Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
Spring Cloud Function:
  3.1.6
  3.2.2
  Older, unsupported versions are also affected
Mitigation
Users of affected versions should upgrade to 3.1.7 or 3.2.3. No other steps are necessary. Releases that have fixed this issue include:
Spring Cloud Function:
  3.1.7
  3.2.3
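A version check built from the affected and fixed releases listed above, as an added example that is not code from the video or from the vendor. The input format (Maven dependency:list lines and jar file names), the function names and the sample input are assumptions made for illustration.

```python
import re

# Fixed releases named in the advisory text above, keyed by (major, minor) line.
FIXED = {(3, 1): (3, 1, 7), (3, 2): (3, 2, 3)}

# Assumed input: Maven dependency:list lines or jar file names.
ARTIFACT = re.compile(
    r"(spring-cloud-function[\w-]*?)(?:-|:jar:|:)(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return (status, advice) for a (major, minor, patch) tuple."""
    line = version[:2]
    if line in FIXED:
        fixed = ".".join(map(str, FIXED[line]))
        if version < FIXED[line]:
            return "affected", "upgrade to " + fixed
        return "fixed", ""
    if line < min(FIXED):
        # "Older, unsupported versions are also affected"
        return "affected", "unsupported line; move to 3.1.7 or 3.2.3"
    # Release lines the advisory text does not mention: no claim either way.
    return "not-listed", "check the vendor advisory for this line"


def scan(text):
    """Return [(artifact, version, status, advice)] for each match in text."""
    findings = []
    for m in ARTIFACT.finditer(text):
        version = tuple(int(g) for g in m.groups()[1:])
        status, advice = classify(version)
        findings.append((m.group(1), ".".join(map(str, version)), status, advice))
    return findings


# Constructed sample input (not from a real build).
SAMPLE = """\
[INFO]    org.springframework.cloud:spring-cloud-function-context:jar:3.2.2:compile
[INFO]    org.springframework.cloud:spring-cloud-function-web:jar:3.1.7:compile
lib/spring-cloud-function-core-3.0.9.RELEASE.jar
lib/spring-cloud-function-context-3.2.3.jar
lib/spring-core-5.3.17.jar
"""

if __name__ == "__main__":
    for artifact, version, status, advice in scan(SAMPLE):
        print(f"{artifact:35} {version:8} {status:10} {advice}")
```

Feed it the output of a dependency listing or a directory listing of deployed jars; anything reported as "affected" needs the upgrade named in the Mitigation section.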
Credit
This vulnerability was initially discovered and responsibly reported by m09u3r.
References
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://cwe.mitre.org/data/definitions/770.html
https://cwe.mitre.org/data/definitions/497.html
Thanks for watching!
PoC By Jaspreet Singh