Remote Code Execution Affecting org.springframework.cloud:spring-cloud-function-context package, versions [,3.1.7) [3.2.0,3.2.3)
Attack Complexity Low
Exploit Maturity Mature
EPSS 97.54% (100th percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-ORGSPRINGFRAMEWORKCLOUD-2436645
- published 30 Mar 2022
- disclosed 30 Mar 2022
- credit m09u3r
How to fix?
org.springframework.cloud:spring-cloud-function-context to version 3.1.7, 3.2.3 or higher.
Affected versions of this package are vulnerable to Remote Code Execution. An attacker is able to provide a crafted
SpEL as a routing-expression that may result in access to local resources or even remote code execution.