In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Affected Products: 47
References: 13

| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| vmware | spring_cloud_function | 3.1.6 | - |
| vmware | spring_cloud_function | 3.2.0 - 3.2.2 | - |
| oracle | banking_branch | - | - |
| oracle | banking_cash_management | - | - |
| oracle | banking_corporate_lending_process_management | - | - |
| oracle | banking_credit_facilities_process_management | - | - |
| oracle | banking_electronic_data_exchange_for_corporates | - | - |
| oracle | banking_liquidity_management | - | - |
| oracle | banking_liquidity_management | - | - |
| oracle | banking_origination | - | - |
| oracle | banking_supply_chain_finance | - | - |
| oracle | banking_trade_finance_process_management | - | - |
| oracle | banking_virtual_account_management | - | - |
| oracle | communications_cloud_native_core_automated_test_suite | - | - |
| oracle | communications_cloud_native_core_automated_test_suite | - | - |
| oracle | communications_cloud_native_core_console | - | - |
| oracle | communications_cloud_native_core_console | - | - |
| oracle | communications_cloud_native_core_network_exposure_function | - | - |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | - | - |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | - | - |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | - | - |
| oracle | communications_cloud_native_core_network_repository_function | - | - |
| oracle | communications_cloud_native_core_network_repository_function | - | - |
| oracle | communications_cloud_native_core_network_slice_selection_function | - | - |
| oracle | communications_cloud_native_core_network_slice_selection_function | - | - |
| oracle | communications_cloud_native_core_policy | - | - |
| oracle | communications_cloud_native_core_policy | - | - |
| oracle | communications_cloud_native_core_policy | - | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | - | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | - | - |
| oracle | communications_cloud_native_core_unified_data_repository | - | - |
| oracle | communications_cloud_native_core_unified_data_repository | - | - |
| oracle | communications_communications_policy_management | - | - |
| oracle | financial_services_analytical_applications_infrastructure | - | - |
| oracle | financial_services_analytical_applications_infrastructure | - | - |
| oracle | financial_services_behavior_detection_platform | - | - |
| oracle | financial_services_behavior_detection_platform | - | - |
| oracle | financial_services_behavior_detection_platform | - | - |
| oracle | financial_services_enterprise_case_management | - | - |
| oracle | financial_services_enterprise_case_management | - | - |
| oracle | financial_services_enterprise_case_management | - | - |
| oracle | mysql_enterprise_monitor | 8.0.29 | - |
| oracle | product_lifecycle_analytics | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | sd-wan_edge | - | - |
| oracle | sd-wan_edge | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H