Spring Cloud Function SpEL Injection
Posted by deepcore on April 1, 2022 – 11:06 pm
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message.
Post a reply
You must be logged in to post a comment.