GHSA-q979-9m39-23mq

Source

https://github.com/advisories/GHSA-q979-9m39-23mq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-q979-9m39-23mq/GHSA-q979-9m39-23mq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q979-9m39-23mq

Aliases

CVE-2022-23463

Published

2022-09-25T00:00:15Z

Modified

2024-02-22T05:33:39.019185Z

Severity

9.4 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVSS Calculator

Summary

Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution

Details

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.

Database specific

{
    "nvd_published_at": "2022-09-24T05:15:00Z",
    "cwe_ids": [
        "CWE-917"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-28T03:30:11Z"
}

References

Affected packages

Maven / com.nepxion:discovery

Package

Name: com.nepxion:discovery; View open source insights on deps.dev
Purl: pkg:maven/com.nepxion/discovery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.16.2

Affected versions

Edgware.*

Edgware.1.0.0

Finchley.*

Finchley.1.0.0

1.*

1.0.0

1.0.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

3.*

3.0.0

3.0.1

3.1.0

3.2.0

3.2.1

3.2.2

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.3.10

3.3.11

3.3.12

3.3.13

3.3.14

3.3.15

3.3.16

3.3.17

3.3.18

3.3.19

3.3.20

3.3.21

3.3.22

3.3.23

3.3.24

3.3.25

3.3.26

3.3.27

3.3.28

3.3.29

3.3.30

3.3.31

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.5.7

3.5.8

3.5.9

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.6.7

3.6.8

3.6.9

3.6.10

3.6.11

3.6.12

3.6.13

3.6.14

3.6.15

3.6.16

3.6.17

3.6.18

3.6.19

3.6.20

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.7.8

3.7.9

3.7.10

3.7.11

3.7.12

3.8.0-RC1

3.8.0

3.8.1

3.8.2

3.8.2.1

3.8.2.2

3.8.2.3

3.8.2.4

3.8.2.5

3.8.2.6

3.8.3

3.8.4

3.8.4.1

3.8.5

3.8.5.1

3.8.5.2

3.8.6

3.8.6.1

3.8.6.2

3.8.7

3.8.8

3.8.9

3.8.10

3.8.11

3.8.12

3.8.13

3.9.0

3.9.1

3.9.2

3.10.0

3.10.1

3.10.2

3.10.3

3.10.4

3.10.5

3.10.6

3.10.7

3.10.8

3.11.0

3.11.1

3.11.2

3.11.3

3.11.4

3.11.5

3.11.6

3.11.7

3.11.8

3.11.9

3.12.0

3.12.1

3.12.2

3.13.0

3.13.1

3.13.2

3.13.3

3.13.4

3.13.5

3.13.6

3.13.7

3.13.8

3.13.9

3.13.10

3.13.11

3.13.12

3.13.13

3.14.0

3.15.0

3.16.0

3.16.1

3.16.2

3.16.3

3.16.4

3.16.5

3.16.6

3.16.7

3.17.0

3.18.0

3.19.0

3.20.0

3.20.1

3.20.2

3.20.3

3.21.0

3.22.0

3.23.0

3.24.0

3.25.0

3.26.0

3.27.0

3.28.0

3.28.1

3.29.0

3.30.0

3.31.0

3.32.0

3.33.0

3.33.1

3.33.2

3.34.0

3.35.0

3.36.0

3.37.0

3.38.0

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.3.12

4.3.13

4.3.14

4.3.15

4.3.16

4.3.17

4.3.18

4.3.19

4.3.20

4.7.0

4.7.1

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

4.7.7

4.7.8

4.7.9

4.7.10

4.7.11

4.7.12

4.8.0-RC1

4.8.0

4.8.1

4.8.2

4.8.2.1

4.8.2.2

4.8.2.3

4.8.2.4

4.8.2.5

4.8.2.6

4.8.3

4.8.4

4.8.4.1

4.8.5

4.8.5.1

4.8.5.2

4.8.6

4.8.6.1

4.8.6.2

4.8.7

4.8.8

4.8.9

4.8.10

4.8.11

4.8.12

4.8.13

4.9.0

4.9.1

4.9.2

4.10.0

4.10.1

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.10.8

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.12.0

4.12.1

4.12.2

4.13.0

4.13.1

4.13.2

4.13.3

4.13.4

4.13.5

4.13.6

4.13.7

4.13.8

4.13.9

4.13.10

4.13.11

4.13.12

4.13.13

4.14.0

4.15.0

5.*

5.0.0

5.0.0.1

5.0.0.2

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.1.0

5.1.1

5.1.2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

5.2.8

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.4.0

5.4.1

5.4.2

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.5.10

5.5.11

5.5.12

5.5.13

5.6.0

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.1.0

6.2.0

6.3.0

6.3.1

6.3.2

6.3.3

6.5.0

6.6.0

6.7.0

6.8.0

6.9.0

6.10.0

6.11.0

6.12.0

6.12.1

6.12.2

6.12.3

6.12.4

6.12.5

6.12.6

6.12.7

6.12.8

6.12.9

6.12.10

6.12.11

6.13.0

6.13.1

6.14.0

6.15.0

6.16.0

6.16.1

6.16.2