QwikSec

Security Database

CVE

CWE

Training

CVE-2022-22963

Published: Apr 1, 2022

Modified: Oct 21, 2025

PUBLISHED

Description

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Vendor	Product	Versions
n/a	Spring Cloud Function	affected `Spring Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions`

Weaknesses (CWE)

References

https://tanzu.vmware.com/security/cve-2022-22963

20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022

vendor-advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

https://www.oracle.com/security-alerts/cpujul2022.html

http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.