Vulnerability feed

Vulnerability

CVE-2022-22963

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-22963
Description:: In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Last updated date:: 06/28/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/31/2022
Reference url to background: https://www.fastly.com/blog/spring-has-sprung-breaking-down-cve-2022-22963-and-spring4shell-cve-2022

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/26/2022
Reference url to background: https://github.com/hktalent/spring-spel-0day-poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/30/2022
Reference url to background: https://github.com/dinosn/CVE-2022-22963

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/30/2022
Reference url to background: https://github.com/RanDengShiFu/CVE-2022-22963

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/30/2022
Reference url to background: https://github.com/darryk10/CVE-2022-22963

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/30/2022
Reference url to background: https://github.com/Kirill89/CVE-2022-22963-PoC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/30/2022
Reference url to background: https://github.com/stevemats/Spring0DayCoreExploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/31/2022
Reference url to background: https://packetstormsecurity.com/files/166562/Spring-Cloud-Function-SpEL-Injection.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/31/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/spring_cloud_function_spel_injection.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/31/2022
Reference url to background: https://github.com/exploitbin/CVE-2022-22963-Spring-Core-RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/31/2022
Reference url to background: https://github.com/me2nuk/CVE-2022-22963

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/31/2022
Reference url to background: https://github.com/kh4sh3i/Spring-CVE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/14/2022
Reference url to background: https://github.com/k3rwin/spring-cloud-function-rce

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/15/2023
Reference url to background: https://github.com/iliass-dahman/CVE-2022-22963-POC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/07/2023
Reference url to background: https://github.com/charis3306/CVE-2022-22963

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/13/2023
Reference url to background: https://github.com/lemmyz4n3771/CVE-2022-22963-PoC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/18/2023
Reference url to background: https://github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/17/2023
Reference url to background: https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/28/2024
Reference url to background: http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |