GHSA-q979-9m39-23mq

Source
https://github.com/advisories/GHSA-q979-9m39-23mq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-q979-9m39-23mq/GHSA-q979-9m39-23mq.json
Aliases
Published
2022-09-25T00:00:15Z
Modified
2024-02-22T05:33:39.019185Z
Details

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.

References

Affected packages

Maven / com.nepxion:discovery

Package

Name
com.nepxion:discovery

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Last affected
6.16.2

Affected versions

Edgware.*

Edgware.1.0.0

Finchley.*

Finchley.1.0.0

1.*

1.0.0
1.0.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11

3.*

3.0.0
3.0.1
3.1.0
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.3.10
3.3.11
3.3.12
3.3.13
3.3.14
3.3.15
3.3.16
3.3.17
3.3.18
3.3.19
3.3.20
3.3.21
3.3.22
3.3.23
3.3.24
3.3.25
3.3.26
3.3.27
3.3.28
3.3.29
3.3.30
3.3.31
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.6.10
3.6.11
3.6.12
3.6.13
3.6.14
3.6.15
3.6.16
3.6.17
3.6.18
3.6.19
3.6.20
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.7.9
3.7.10
3.7.11
3.7.12
3.8.0-RC1
3.8.0
3.8.1
3.8.2
3.8.2.1
3.8.2.2
3.8.2.3
3.8.2.4
3.8.2.5
3.8.2.6
3.8.3
3.8.4
3.8.4.1
3.8.5
3.8.5.1
3.8.5.2
3.8.6
3.8.6.1
3.8.6.2
3.8.7
3.8.8
3.8.9
3.8.10
3.8.11
3.8.12
3.8.13
3.9.0
3.9.1
3.9.2
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.10.6
3.10.7
3.10.8
3.11.0
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.6
3.11.7
3.11.8
3.11.9
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.13.5
3.13.6
3.13.7
3.13.8
3.13.9
3.13.10
3.13.11
3.13.12
3.13.13
3.14.0
3.15.0
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.16.5
3.16.6
3.16.7
3.17.0
3.18.0
3.19.0
3.20.0
3.20.1
3.20.2
3.20.3
3.21.0
3.22.0
3.23.0
3.24.0
3.25.0
3.26.0
3.27.0
3.28.0
3.28.1
3.29.0
3.30.0
3.31.0
3.32.0
3.33.0
3.33.1
3.33.2
3.34.0
3.35.0
3.36.0
3.37.0
3.38.0

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.20
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
4.7.10
4.7.11
4.7.12
4.8.0-RC1
4.8.0
4.8.1
4.8.2
4.8.2.1
4.8.2.2
4.8.2.3
4.8.2.4
4.8.2.5
4.8.2.6
4.8.3
4.8.4
4.8.4.1
4.8.5
4.8.5.1
4.8.5.2
4.8.6
4.8.6.1
4.8.6.2
4.8.7
4.8.8
4.8.9
4.8.10
4.8.11
4.8.12
4.8.13
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.12.0
4.12.1
4.12.2
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.13.5
4.13.6
4.13.7
4.13.8
4.13.9
4.13.10
4.13.11
4.13.12
4.13.13
4.14.0
4.15.0

5.*

5.0.0
5.0.0.1
5.0.0.2
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.1.0
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.4.0
5.4.1
5.4.2
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.5.10
5.5.11
5.5.12
5.5.13
5.6.0

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.1.0
6.2.0
6.3.0
6.3.1
6.3.2
6.3.3
6.5.0
6.6.0
6.7.0
6.8.0
6.9.0
6.10.0
6.11.0
6.12.0
6.12.1
6.12.2
6.12.3
6.12.4
6.12.5
6.12.6
6.12.7
6.12.8
6.12.9
6.12.10
6.12.11
6.13.0
6.13.1
6.14.0
6.15.0
6.16.0
6.16.1
6.16.2