Spring Cloud Function - Remote Code Execution (CVE-2022-22963)

Name: Spring Cloud Function - Remote Code Execution (CVE-2022-22963)
Published: 2022-04-13T00:00:00.000Z

Severity
CVE: CVE-2022-22963
CVSSv3 Score: 9.8
Exploitable with Sniper: Yes
Vulnerability description: Spring Cloud Function is affected by a Remote Code Execution, located in the /functionRouter endpoint. The root cause of this vulnerability is the lack of validation in the spring.cloud.function.routing-expression parameter by the Cloud Function, which can be used for code injection.The affected versions are 3.2.2 and 3.1.6 or lower.
Exploit capabilities: Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
Risk description: The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.
Recommendation: Upgrade the Spring Cloud Gateway to a version higher than 3.1.6, 3.2.2.
References: https://nvd.nist.gov/vuln/detail/CVE-2022-22963
Detectable with: Network Scanner
Vuln date: Mar 2022
Published at: Apr 2022
Updated at: Apr 2022
Software Type: Library
Vendor: Pivotal Software
Product: Spring Cloud Function
Codename: Not available