Security Advisory: SA-2022-005 – Spring Cloud Func... - Extreme Networks

Summary

Extreme Networks has reviewed and evaluated product and software exposure to CVE-2022-22963.

In Spring Cloud Function, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Products not listed in the Impact Details section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.

Products Potentially Affected
Any version of Spring Cloud function prior to 3.1.7 or 3.2.3

Please see the full security advisory here for more details.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

Security Advisory: SA-2022-005 – Spring Cloud Function (CVE-2022-22963)

Summary

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)