Vmware Spring Cloud Function vulnerabilities

2 known vulnerabilities affecting vmware/spring_cloud_function.

Total CVEs

2

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

CRITICAL1HIGH1

Vulnerabilities

Page 1 of 1

CVE-2022-22979HIGHCVSS 7.5fixed in 3.2.6vSpring Cloud Function (prior to 3.2.6)2022-06-21

CVE-2022-22979 [HIGH] CWE-770 CVE-2022-22979: In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts w In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.

CVE-2022-22963CRITICALCVSS 9.8KEVPoC≤ 3.1.6≥ 3.2.0, ≤ 3.2.2+1 more2022-04-01

CVE-2022-22963 [CRITICAL] CWE-94 CVE-2022-22963: In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing fu In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.