Back to Advisories
🔔 CVE Advisory

CVE-2022-22947

Spring Cloud Gateway

Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Year 2022
Published March 10, 2022

Advisory Information

Affected Product Spring Cloud Gateway
Title CVE-2022-22947
Description

Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Year 2022
Published Date March 10, 2022
View Full CVE Advisory

Affected Vendors

V
VMWare

Research Team

hoangnx99
hoangnx99
Senior Researcher