GHSA-6v73-fgf6-w5j7, CVE-2022-22963
maven/org.springframework.cloud/spring-cloud-function-context
Improper Control of Generation of Code ('Code Injection')
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
All versions starting from 3.2.0 before 3.2.3, all versions before 3.1.7
Upgrade to version 3.1.7 or above.
2022-05-04
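The affected ranges above, applied as a dependency check (an added example, not part of the advisory or of Spring's code). Versions 3.2.0 through 3.2.2 are numerically above 3.1.7 yet still affected, so the check tests both ranges rather than a single minimum. The sample POM and the `scf.version` property name are constructed; it assumes the version is declared in the same `pom.xml`, directly or through a property.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.springframework.cloud", "spring-cloud-function-context"

def parse_version(text):
    """'3.2.2' -> (3, 2, 2); '3.0.9.RELEASE' -> (3, 0, 9). Qualifiers are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """Ranges from the advisory: before 3.1.7, or from 3.2.0 up to (not including) 3.2.3."""
    v = parse_version(version)
    return v < (3, 1, 7) or (3, 2, 0) <= v < (3, 2, 3)

def audit_pom(pom_xml):
    """Return (version, affected) for the artifact, or None if it is not declared."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():                    # strip the Maven XML namespace from tags
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    for dep in root.iter("dependency"):
        coords = (dep.findtext("groupId", "").strip(), dep.findtext("artifactId", "").strip())
        if coords != (GROUP, ARTIFACT):
            continue
        version = dep.findtext("version", "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", version)  # e.g. ${scf.version}
        if ref:
            version = props.get(ref.group(1), "")
        # No version here means it is managed by a parent or BOM: report, do not guess.
        return (version, is_affected(version)) if version else ("unresolved", None)
    return None

# Constructed sample input (assumption: property name and layout are illustrative).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><scf.version>3.2.2</scf.version></properties>
  <dependencies><dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-function-context</artifactId>
    <version>${scf.version}</version>
  </dependency></dependencies>
</project>"""

if __name__ == "__main__":
    print(audit_pom(SAMPLE_POM))
```

An `("unresolved", None)` result means the effective version has to be read from the resolved dependency tree instead.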