Share
## https://sploitus.com/exploit?id=D3AC6664-6D70-5C92-B324-636F00D7DB25
# CVE-2022-22947
> A code injection attack on spring cloud gateway
## Summary of the CVE
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
## Affected Versions
- Oracle Commerce Guided Search 11.3.2
- Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
- Oracle Communications Cloud Native Core Console 22.2.0
- Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
- Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0
- Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1
- Oracle Communications Cloud Native Core Network Repository Function 1.15.0
- Oracle Communications Cloud Native Core Network Repository Function 1.15.1
- Oracle Communications Cloud Native Core Network Repository Function 22.2.0
- Oracle Communications Cloud Native Core Network Repository Function 22.1.2
- Oracle Communications Cloud Native Core Binding Support Function 1.11.0
- Oracle Communications Cloud Native Core Binding Support Function 22.1.3
- Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
- Oracle Communications Cloud Native Core Network Exposure Function 22.1.0
- Vmware Spring Cloud Gateway < 3.0.7
- Vmware Spring Cloud Gateway 3.1.0
## References
- [Github POC - luckone, Mar 02 2022](https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947)
- [Spring Security Advisories, Mar 01 2022](https://spring.io/security/cve-2022-22947)
- [Original Discovery - Wyatt Dahlenburg, Feb 26 2022](https://wya.pl/2022/02/26/cve-2022-22947-spel-casting-and-evil-beans/)
- [CVE-details - CVSS Score 10.0](https://www.cvedetails.com/cve/CVE-2022-22947)