GHSA-q979-9m39-23mq

Suggest an improvement
Source
https://github.com/advisories/GHSA-q979-9m39-23mq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-q979-9m39-23mq/GHSA-q979-9m39-23mq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q979-9m39-23mq
Aliases
Published
2022-09-25T00:00:15Z
Modified
2024-02-22T05:33:39.019185Z
Severity
  • 9.4 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVSS Calculator
Summary
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Details

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.

References

Affected packages

Maven / com.nepxion:discovery

Package

Name
com.nepxion:discovery
View open source insights on deps.dev
Purl
pkg:maven/com.nepxion/discovery

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
6.16.2

Affected versions

Edgware.*

Edgware.1.0.0

Finchley.*

Finchley.1.0.0

1.*

1.0.0
1.0.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11

3.*

3.0.0
3.0.1
3.1.0
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.3.10
3.3.11
3.3.12
3.3.13
3.3.14
3.3.15
3.3.16
3.3.17
3.3.18
3.3.19
3.3.20
3.3.21
3.3.22
3.3.23
3.3.24
3.3.25
3.3.26
3.3.27
3.3.28
3.3.29
3.3.30
3.3.31
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.6.10
3.6.11
3.6.12
3.6.13
3.6.14
3.6.15
3.6.16
3.6.17
3.6.18
3.6.19
3.6.20
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.7.9
3.7.10
3.7.11
3.7.12
3.8.0-RC1
3.8.0
3.8.1
3.8.2
3.8.2.1
3.8.2.2
3.8.2.3
3.8.2.4
3.8.2.5
3.8.2.6
3.8.3
3.8.4
3.8.4.1
3.8.5
3.8.5.1
3.8.5.2
3.8.6
3.8.6.1
3.8.6.2
3.8.7
3.8.8
3.8.9
3.8.10
3.8.11
3.8.12
3.8.13
3.9.0
3.9.1
3.9.2
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.10.6
3.10.7
3.10.8
3.11.0
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.6
3.11.7
3.11.8
3.11.9
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.13.5
3.13.6
3.13.7
3.13.8
3.13.9
3.13.10
3.13.11
3.13.12
3.13.13
3.14.0
3.15.0
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.16.5
3.16.6
3.16.7
3.17.0
3.18.0
3.19.0
3.20.0
3.20.1
3.20.2
3.20.3
3.21.0
3.22.0
3.23.0
3.24.0
3.25.0
3.26.0
3.27.0
3.28.0
3.28.1
3.29.0
3.30.0
3.31.0
3.32.0
3.33.0
3.33.1
3.33.2
3.34.0
3.35.0
3.36.0
3.37.0
3.38.0

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.20
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
4.7.10
4.7.11
4.7.12
4.8.0-RC1
4.8.0
4.8.1
4.8.2
4.8.2.1
4.8.2.2
4.8.2.3
4.8.2.4
4.8.2.5
4.8.2.6
4.8.3
4.8.4
4.8.4.1
4.8.5
4.8.5.1
4.8.5.2
4.8.6
4.8.6.1
4.8.6.2
4.8.7
4.8.8
4.8.9
4.8.10
4.8.11
4.8.12
4.8.13
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.12.0
4.12.1
4.12.2
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.13.5
4.13.6
4.13.7
4.13.8
4.13.9
4.13.10
4.13.11
4.13.12
4.13.13
4.14.0
4.15.0

5.*

5.0.0
5.0.0.1
5.0.0.2
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.1.0
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.4.0
5.4.1
5.4.2
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.5.10
5.5.11
5.5.12
5.5.13
5.6.0

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.1.0
6.2.0
6.3.0
6.3.1
6.3.2
6.3.3
6.5.0
6.6.0
6.7.0
6.8.0
6.9.0
6.10.0
6.11.0
6.12.0
6.12.1
6.12.2
6.12.3
6.12.4
6.12.5
6.12.6
6.12.7
6.12.8
6.12.9
6.12.10
6.12.11
6.13.0
6.13.1
6.14.0
6.15.0
6.16.0
6.16.1
6.16.2