Exploit for Spring Cloud Function Remote Code Execution CVE-2022-22963

Name: Exploit for Spring Cloud Function Remote Code Execution CVE-2022-22963
Rating: 5 (347 reviews)

2022-04-05 | CVSS 7.5

## https://sploitus.com/exploit?id=SAINT:ACED9607933F401D5B0A59CB25D22B09
Added: 04/05/2022  


### Background

[Spring Cloud Function](<https://spring.io/projects/spring-cloud-function#overview>) abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. 

### Problem

Spring Cloud Function has remote code execution vulnerability. An attacker could provide a crafted Spring Expression language (SpEL) as a routing-expression that may result in access to local resources. 

### Resolution

Apply the patch referenced in the [CVE-2022-22963](<https://tanzu.vmware.com/security/cve-2022-22963>). 

### References

<https://tanzu.vmware.com/security/cve-2022-22963>  


### Limitations

### Platforms

Windows  
Linux