Description
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
A flaw was found in Spring Cloud Function via the `spring.cloud.function.routing-expression` header, which an attacker can modify to contain malicious expression-language code. The attacker is then able to call functions that should not normally be accessible, including runtime exec calls.
Mitigation
Affected customers should update immediately as soon as patched software is available. There are no other mitigations available at this time.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| OpenShift Serverless | spring-cloud-function | Not affected | | |
| OpenShift Serverless 1.21 | openshift-serverless-1/client-kn-rhel8 | Fixed | RHSA-2022:1292 | 11.04.2022 |
| OpenShift Serverless 1.21 | openshift-serverless-1/kn-cli-artifacts-rhel8 | Fixed | RHSA-2022:1292 | 11.04.2022 |
| OpenShift Serverless 1 on RHEL 8 | openshift-serverless-clients | Fixed | RHSA-2022:1291 | 11.04.2022 |
Additional information
Status: 9.8 Critical (CVSS3)
Related vulnerabilities
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression: 9.8 Critical (CVSS3)