
PRP: Request Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947) #231

Closed
hh-hunter opened this issue Mar 3, 2022 · 3 comments

Comments

@hh-hunter
Contributor

hh-hunter commented Mar 3, 2022

Hello.

I would like to start implementing a plugin to detect Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)

This vulnerability should be relatively new and has been patched.

https://spring.io/blog/2022/03/01/spring-cloud-gateway-cve-reports-published
https://wya.pl/2022/02/26/cve-2022-22947-spel-casting-and-evil-beans/
https://tanzu.vmware.com/security/cve-2022-22947

This exploit is so new that there is no NVD rating yet; I will update this description once NVD publishes the rating.

Spring Cloud Gateway provides a library for building an API Gateway on top of Spring WebFlux.
Applications using Spring Cloud Gateway in versions prior to 3.1.0 and 3.0.6 are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote code execution on the remote host.

The vulnerability can be exploited remotely without authentication and user interaction.

Please let me know if this is in scope to start with its development.
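The condition the issue describes (Gateway Actuator endpoint enabled, exposed over the web and unsecured) is a configuration state, so the most useful thing to see beside it is the configuration itself. The following two `application.yml` fragments are an added illustration written for this page, not code from the issue, the Tsunami project or Spring; the property names (`management.endpoint.gateway.enabled`, `management.endpoints.web.exposure.include`, `management.server.port`, `management.server.address`) are standard Spring Boot / Spring Cloud Gateway management properties. The first document is the exposed state a scanner plugin would look for; the second is the hardened form that removes the exposed surface, independent of whether the library has been upgraded.

```yaml
# Added example (not from the issue or the Tsunami project): two YAML documents
# for a Spring Cloud Gateway service's application.yml, separated by "---".

# --- Document 1: exposed configuration (the state the issue describes) ---
# The gateway actuator endpoint is switched on AND published over HTTP along
# with every other actuator endpoint, with nothing in front of it requiring
# authentication. /actuator/gateway/** is reachable by anyone who can reach
# the HTTP port.
management:
  endpoint:
    gateway:
      enabled: true            # gateway endpoint on
  endpoints:
    web:
      exposure:
        include: "*"           # all actuator endpoints exposed over the web

---
# --- Document 2: hardened configuration ---
# 1. Keep the gateway endpoint off unless operations genuinely needs it.
# 2. Expose only the endpoints monitoring needs (health, info), never "*".
# 3. Even for those, serve actuator on a separate management port bound to
#    a non-public address, so exposure is not a side effect of the API port.
# Upgrading to a patched release (see the Spring advisory linked above) is
# still required; this configuration only removes the reachable surface.
management:
  endpoint:
    gateway:
      enabled: false           # gateway endpoint off
  endpoints:
    web:
      exposure:
        include: "health,info" # explicit allow-list instead of "*"
  server:
    port: 9090                 # actuator on its own listener, not the API port
    address: 127.0.0.1         # loopback only; reach it via local tooling
```

For detection, the observable difference is simple: in the first configuration a GET to `/actuator/gateway/routes` on the application port answers with a JSON route list, whereas in the second it is not served on that port at all. If the gateway endpoint must remain enabled for operational reasons, it should additionally sit behind Spring Security with authentication required for `/actuator/**`, which this fragment does not show.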

@maoning
Collaborator

maoning commented Mar 10, 2022

Hi @hh-hunter,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.

Thanks!

@hh-hunter
Contributor Author

@maoning The #189 issue has been merged, but I haven't received the bonus notification email; is there something wrong?

@hh-hunter
Contributor Author

Hi @maoning @magl0, I noticed that #232 has been merged; can we open the next PR?
#220
#228
#217

@maoning maoning closed this as completed Apr 6, 2022