THREAT OPS › CVEs › CVE-2022-22963
CVE-2022-22963 — VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Vulnerability details
- Affected productsSpring Cloud
- KEV remediation due2022-09-15