Lucene search
GitHub Advisory DatabaseGHSA-3GX9-37WW-9QW6HistoryMar 04, 2022 - 12:00 a.m.
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
2022-03-0400:00:15
CWE-94
CWE-917
GitHub Advisory Database
github.com
41
0.975 High
EPSS
Percentile
100.0%
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the remote host.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.springframework.cloud:spring-cloud-gateway | lt | 3.1.1 | |
| org.springframework.cloud:spring-cloud-gateway | lt | 3.0.7 |
References
packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
github.com/advisories/GHSA-3gx9-37ww-9qw6
nvd.nist.gov/vuln/detail/CVE-2022-22947
tanzu.vmware.com/security/cve-2022-22947
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
Related
osv
osv
CVE-2022-22947
2022-03-03 22:15:08
attackerkb
attackerkb
CVE-2022-22947
2022-03-03 00:00:00
nessus
nessus
VMware Spring Cloud Gateway 3.0 < 3.0.7 / 3.1 < 3.1.1 Code Injection
2022-07-29 00:00:00
Spring Cloud Gateway Code Injection (CVE-2022-22947)
2023-05-26 00:00:00
cisa_kev
cisa_kev
VMware Spring Cloud Gateway Code Injection Vulnerability
2022-05-16 00:00:00
githubexploit
githubexploit
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
2022-03-21 23:37:20
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
2022-03-04 02:27:50
Exploit for Code Injection in Vmware Spring Cloud Gateway
2022-03-04 02:29:02
nuclei
nuclei
Spring Cloud Gateway Code Injection
2022-03-02 08:45:10
metasploit
metasploit
Spring Cloud Gateway Remote Code Execution
2022-10-06 19:48:36
cve
cve
CVE-2022-22947
2022-03-03 22:15:00
packetstorm
packetstorm
Spring Cloud Gateway 3.1.0 Remote Code Execution
2022-10-17 00:00:00
Spring Cloud Gateway 3.1.0 Remote Code Execution
2022-03-07 00:00:00
veracode
veracode
Code Injection
2022-03-02 08:46:00
openvas
openvas
prion
prion
Code injection
2022-03-03 22:15:00
thn
thn
New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners
2022-05-17 09:37:00
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
2022-05-17 03:17:00
cvelist
cvelist
CVE-2022-22947
2022-03-03 00:00:00
cnvd
cnvd
Spring Cloud Gateway Remote Code Execution Vulnerability
2022-03-03 00:00:00
threatpost
threatpost
Sysrv-K Botnet Targets Windows, Linux
2022-05-17 13:53:19
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
2022-05-31 12:24:44
zdt
zdt
Spring Cloud Gateway 3.1.0 - Remote Code Execution Exploit
2022-03-07 00:00:00
Spring Cloud Gateway 3.1.0 Remote Code Execution Exploit
2022-10-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Spring Cloud Gateway Remote Code Execution (CVE-2022-22947)
2022-04-03 00:00:00
malwarebytes
malwarebytes
Sysrv botnet is out to mine Monero on your Windows and Linux servers
2022-05-18 12:55:00
exploitdb
exploitdb
Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
2022-03-07 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2022-10-14 17:03:46
2022 Annual Metasploit Wrap-Up
2022-12-30 15:00:00
avleonov
avleonov
mmpc
mmpc
mssecure
mssecure
checkpoint_security
checkpoint_security
securelist
securelist
IT threat evolution in Q1 2022. Non-mobile statistics
2022-05-27 08:00:05
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00