CVE-2022-22963— Spring Framework 代码注入漏洞
公开利用映射 3
ExploitDB · 1 EDB-51577 [webapps]
Metasploit · 1 spring_cloud_function_spel_injection.rb [exploit]
Nuclei · 1 CVE-2022-22963.yaml [template]
已观察到在野利用 cisa_kev · confirmed
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2022-22963 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
对生成代码的控制不恰当(代码注入)
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Spring Framework 代码注入漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 存在代码注入漏洞。目前暂无该漏洞信息,请随时关注CNNVD或厂商公告。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| - | Spring Cloud Function | Spring Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions | - |
二、漏洞 CVE-2022-22963 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963 | https://github.com/hktalent/spring-spel-0day-poc | POC详情 |
| 2 | CVE-2022-22963 PoC | https://github.com/dinosn/CVE-2022-22963 | POC详情 |
| 3 | CVE-2022-22963 Spring-Cloud-Function-SpEL_RCE_exploit | https://github.com/RanDengShiFu/CVE-2022-22963 | POC详情 |
| 4 | None | https://github.com/darryk10/CVE-2022-22963 | POC详情 |
| 5 | None | https://github.com/Kirill89/CVE-2022-22963-PoC | POC详情 |
| 6 | { Spring Core 0day CVE-2022-22963 } | https://github.com/stevemats/Spring0DayCoreExploit | POC详情 |
| 7 | None | https://github.com/puckiestyle/CVE-2022-22963 | POC详情 |
| 8 | Spring Cloud Function Vulnerable Application / CVE-2022-22963 | https://github.com/me2nuk/CVE-2022-22963 | POC详情 |
| 9 | This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell". | https://github.com/kh4sh3i/Spring-CVE | POC详情 |
| 10 | POC for CVE-2022-22963 | https://github.com/AayushmanThapaMagar/CVE-2022-22963 | POC详情 |
| 11 | Spring Cloud Function SpEL - cve-2022-22963 | https://github.com/twseptian/cve-2022-22963 | POC详情 |
| 12 | CVE-2022-22963 research | https://github.com/SealPaPaPa/SpringCloudFunction-Research | POC详情 |
| 13 | None | https://github.com/G01d3nW01f/CVE-2022-22963 | POC详情 |
| 14 | Spring Cloud Function SPEL表达式注入漏洞(CVE-2022-22963) | https://github.com/k3rwin/spring-cloud-function-rce | POC详情 |
| 15 | None | https://github.com/75ACOL/CVE-2022-22963 | POC详情 |
| 16 | None | https://github.com/dr6817/CVE-2022-22963 | POC详情 |
| 17 | None | https://github.com/iliass-dahman/CVE-2022-22963-POC | POC详情 |
| 18 | spring cloud function 一键利用工具! by charis 博客https://charis3306.top/ | https://github.com/charis3306/CVE-2022-22963 | POC详情 |
| 19 | CVE-2022-22963 RCE PoC in python | https://github.com/lemmyz4n3771/CVE-2022-22963-PoC | POC详情 |
| 20 | CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script will verify if the vulnerability exists, and if it does, will give you a reverse shell. | https://github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit | POC详情 |
| 21 | None | https://github.com/Mustafa1986/CVE-2022-22963 | POC详情 |
| 22 | Rust-based exploit for the CVE-2022-22963 vulnerability | https://github.com/SourM1lk/CVE-2022-22963-Exploit | POC详情 |
| 23 | None | https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE | POC详情 |
| 24 | Binaries for CVE-2022-22963 | https://github.com/gunzf0x/CVE-2022-22963 | POC详情 |
| 25 | Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function | https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963 | POC详情 |
| 26 | An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability) | https://github.com/HenriVlasic/Exploit-for-CVE-2022-22963 | POC详情 |
| 27 | This is a POC for CVE-2022-22963 | https://github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules | POC详情 |
| 28 | CVE-2022-22963-poc | https://github.com/xmqaq/CVE-2022-22963 | POC详情 |
| 29 | None | https://github.com/jrbH4CK/CVE-2022-22963 | POC详情 |
| 30 | An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability) | https://github.com/HenriV-V/Exploit-for-CVE-2022-22963 | POC详情 |
| 31 | CVE to CTF FP | https://github.com/Shayz614/CVE-2022-22963 | POC详情 |
| 32 | Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22963.yaml | POC详情 |
| 33 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20Cloud%20Function%20SpEL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%20CVE-2022-22963.md | POC详情 |
| 34 | https://github.com/vulhub/vulhub/blob/master/spring/CVE-2022-22963/README.md | POC详情 |
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2022-22963 的情报信息
请登录查看更多情报信息。
CVE-2022-22963 厂商安全公告 (3)
CVE-2022-22963 公开利用代码 (1)
CVE-2022-22963 其他参考 (1)
同批安全公告 · n/a · 2022-04-01 · 共 32 条
| CVE-2022-25017 | 9.1 CRITICAL | Hitron Technologies CHITA Router Firmware 操作系统命令注入漏洞 |
| CVE-2022-21235 | 8.1 HIGH | Masterminds VCS 参数注入漏洞 |
| CVE-2022-24440 | 8.1 HIGH | cocoapods-downloader 参数注入漏洞 |
| CVE-2022-21223 | 8.1 HIGH | cocoapods-downloader 参数注入漏洞 |
| CVE-2022-24066 | 8.1 HIGH | simple-git-hooks 参数注入漏洞 |
| CVE-2022-22950 | Vmware Spring Framework 安全漏洞 | |
| CVE-2021-23247 | quick game engine 命令注入漏洞 | |
| CVE-2021-32503 | SICK FieldEcho 资源管理错误漏洞 | |
| CVE-2021-3461 | Red Hat Keycloak代码问题漏洞 | |
| CVE-2021-20295 | Red Hat Enterprise Linux 缓冲区错误漏洞 | |
| CVE-2021-27223 | Kaspersky Anti-Virus安全漏洞 | |
| CVE-2022-27534 | Kaspersky Anti-Virus 安全漏洞 | |
| CVE-2022-25155 | Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞 | |
| CVE-2022-25156 | Mitsubishi Electric MELSEC iQ-F series 加密问题漏洞 | |
| CVE-2022-25157 | Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞 | |
| CVE-2022-25159 | Mitsubishi Electric MELSEC iQ-F series 安全漏洞 | |
| CVE-2022-25158 | Mitsubishi Electric MELSEC iQ-F series 安全漏洞 | |
| CVE-2022-25160 | Mitsubishi Electric Factory Automation 安全漏洞 | |
| CVE-2022-22965 | Spring Framework 代码注入漏洞 | |
| CVE-2021-3847 | Linux kernel 安全漏洞 |
显示前 20 条,共 32 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2022-22963
暂无评论