Share
## https://sploitus.com/exploit?id=D3AC6664-6D70-5C92-B324-636F00D7DB25
# CVE-2022-22947

> A code injection attack on spring cloud gateway

## Summary of the CVE

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

## Affected Versions

- Oracle Commerce Guided Search 11.3.2        
- Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0        
- Oracle Communications Cloud Native Core Console 22.2.0        
- Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0        
- Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0        
- Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1        
- Oracle Communications Cloud Native Core Network Repository Function 1.15.0        
- Oracle Communications Cloud Native Core Network Repository Function 1.15.1        
- Oracle Communications Cloud Native Core Network Repository Function 22.2.0        
- Oracle Communications Cloud Native Core Network Repository Function 22.1.2        
- Oracle Communications Cloud Native Core Binding Support Function 1.11.0        
- Oracle Communications Cloud Native Core Binding Support Function 22.1.3        
- Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0        
- Oracle Communications Cloud Native Core Network Exposure Function 22.1.0        
- Vmware Spring Cloud Gateway < 3.0.7
- Vmware Spring Cloud Gateway 3.1.0

## References

- [Github POC - luckone, Mar 02 2022](https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947)
- [Spring Security Advisories, Mar 01 2022](https://spring.io/security/cve-2022-22947)
- [Original Discovery - Wyatt Dahlenburg, Feb 26 2022](https://wya.pl/2022/02/26/cve-2022-22947-spel-casting-and-evil-beans/)
- [CVE-details - CVSS Score 10.0](https://www.cvedetails.com/cve/CVE-2022-22947)