Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Spring Cloud Gateway Improper Neutralization of Special Elements used in an Expression Language Statement (Expression La Vulnerability - CVE-2022-22947 - Vulnerability Database
Spring Cloud Gateway

Spring Cloud Gateway Improper Neutralization of Special Elements used in an Expression Language Statement (Expression La Vulnerability - CVE-2022-22947

Critical
Reference: CVE-2022-22947
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-22947
Title: Spring Cloud Gateway Improper Neutralization of Special Elements used in an Expression Language Statement (Expression La Vulnerability
Overview:

In spring cloud gateway versions prior to 3.1.1 and 3.0.7 applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.