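In Spring Cloud Gateway versions prior to 3.1.1 and 3.0.7, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could send a maliciously crafted request that could allow arbitrary remote code execution on the remote host. Because the issue is reachable only when the endpoint is enabled, exposed and unsecured, deployments that cannot yet upgrade to 3.1.1 or 3.0.7 (or later) reduce their exposure by disabling the Gateway Actuator endpoint or requiring authentication for it.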
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "3.0.7"
},
{
"introduced": "0"
},
{
"last_affected": "3.1.0"
}
]
}[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22947.json"