| Vulnerable Component Details | | | | |
|---|---|---|---|---|
| Type | Namespace | Name | Version | Package URL |
| maven | org.springframework.cloud | spring-cloud-function-context | 3.1.6 | pkg:maven/org.springframework.cloud/spring-cloud-function-context@3.1.6?type=jar |

| Vulnerability Details | |
|---|---|
| ID | GHSA-6v73-fgf6-w5j7 |
| Description | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. |
| Recommendation | Upgrade to version 3.1.7 or above. State: fixed; Fix Versions: 3.1.7 |
| Ratings | |
| Related Vulnerabilities | |
| Found By | Anchore Grype, Aquasec Trivy, Sonatype OSS-Index, GitLab Gemnasium |
| References / Advisories | |
| Weakness Enumeration | |