cpe:2.3:a:vmware:spring_cloud_function:1.0.0:m4:*:*:*:*:*:*
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
Max CVSS
7.5
EPSS Score
0.09%
Published
2022-06-21
Updated
2022-06-28

CVE-2022-22963

Known exploited
Public exploit
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Max CVSS
9.8
EPSS Score
97.54%
Published
2022-04-01
Updated
2023-07-13
CISA KEV Added
2022-08-25
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!