Remote Code Execution Affecting org.springframework.cloud:spring-cloud-function-context Open this link in a new tab package, versions [,3.1.7) [3.2.0,3.2.3)


0.0
critical
  • Exploit Maturity

    Mature

  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGSPRINGFRAMEWORKCLOUD-2436645

  • published

    30 Mar 2022

  • disclosed

    30 Mar 2022

  • credit

    m09u3r

How to fix?

Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.1.7, 3.2.3 or higher.

Overview

Affected versions of this package are vulnerable to Remote Code Execution. An attacker is able to provide a crafted SpEL as a routing-expression that may result in access to local resources or even remote code execution.