CVE-2022-22947CISA KEV: Actively Exploited

VMware Spring Cloud Gateway Code Injection Vulnerability

Published May 16, 2022·Updated May 16, 2022

Description

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Public Exploits & PoCs52 found

PoC: Spring-Cloud-Gateway-CVE-2022-22947

CVE-2022-22947

175

PoC: cve-2022-22947-godzilla-memshell

CVE-2022-22947 注入Godzilla内存马

75

PoC: CVE-2022-22947_Rce_Exp

Spring Cloud Gateway 远程代码执行漏洞Exp Spring_Cloud_Gateway_RCE_Exp-CVE-2022-22947

47

PoC: CVE-2022-22947-POC

CVE-2022-22947批量检测脚本,超时时间不超过2s,已更新可反弹shell的EXP,欢迎师傅们试用

28

PoC: CVE-2022-22947

Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)

20

PoC: spring_cloud_gateway_memshell

CVE-2022-22947 memshell

12

PoC: SpringCloudGatewayRCE

SpringCloudGatewayRCE - CVE-2022-22947 / Code By:Tas9er

12

PoC: CVE-2022-22947

CVE-2022-22947_POC_EXP

11

PoC: CVE-2022-22947

CVE-2022-22947_EXP,CVE-2022-22947_RCE,CVE-2022-22947反弹shell,CVE-2022-22947 getshell

9

PoC: -cve-2022-22947-

cve-2022-22947 spring cloud gateway 批量扫描脚本

8

PoC: spring-cve-2022-22947

Spring cloud gateway code injection : CVE-2022-22947

8

PoC: spring-cloud-gateway-rce

spring-cloud-gateway-rce CVE-2022-22947

7

PoC: CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

Spring Cloud Gateway远程代码执行漏洞POC,基于命令执行的基础上,增加了反弹shell操作

7

PoC: CVE-2022-22947-exp

CVE-2022-22947 Exploit script

6

PoC: CVE-2022-22947

Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)

6

PoC: CVE-2022-22947

Spring Cloud Gateway Actuator API SpEL Code Injection.

6

PoC: SpEL

Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947)批量检测工具

5

PoC: cve-2022-22947

Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)

4

PoC: springcloudRCE

Spring Cloud Gateway RCE - CVE-2022-22947

4

PoC: CVE-2022-22947-Rce_POC

批量url检测Spring-Cloud-Gateway-CVE-2022-22947

4

PoC: CVE-2022-22947-goby

日常更新一些顺手写的gobypoc,包含高危害EXP

3

PoC: CVE-2022-22947

Spring Cloud Gateway远程代码执行

2

PoC: CVE-2022-22947

poc for CVE-2022-22947

2

PoC: cve-2022-22947

Spring-Cloud-Gateway-CVE-2022-22947

2

PoC: CVE-2022-22947

Spring Cloud Gateway Actuator API 远程命令执行 CVE-2022-22947

2

PoC: SpringExploitGUI

一款Spring综合漏洞的利用工具,工具目前支持Spring Cloud Gateway RCE(CVE-2022-22947)、Spring Framework RCE (CVE-2022-22965) 的检测以及利用

1

PoC: CVE-2022-22947-

Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947) 注入哥斯拉内存马

1

PoC: CVE-2022-22947

Spring-Cloud-Spel-RCE

1

PoC: CVE-2022-22947-POC-Reproduce

CVE-2022-22947 reproduce

1

PoC: Spring-Cloud-Gateway-CVE-2022-22947

Spring-Cloud-Gateway-CVE-2022-22947

1

PoC: spring-cloud-gateway-cve-2022-22947-report

Technical report about CVE-2022-22947 in Spring Cloud Gateway and its exploitation through exposed Actuator endpoints.

PoC: CyberSec2026

CVE-2022-22947 vulnerability task

PoC: CVE-2022-22947-pb-ai

一个由AI生成的漏洞验证应用

PoC: CVE-2022-22947

CVE-2022-22947 exploit script

PoC: SpringExploitGUI

一款Spring综合漏洞的利用工具,工具目前支持Spring Cloud Gateway RCE(CVE-2022-22947)、Spring Framework RCE (CVE-2022-22965) 的检测以及利用

PoC: CVE-2022-22947

Spring Cloud Gateway Actuator API SpEL表达式注入命令执行Exp

PoC: cve-2022-22947

121

PoC: CVE-2022-22947

CVE-2022-22947注入哥斯拉内存马

PoC: Spring-Cloud-Gateway-Nacos

Nacos下Spring-Cloud-Gateway CVE-2022-22947利用

PoC: CVE-2022-22947-POC

Spring Cloud Gateway 远程代码执行漏洞 Spring_Cloud_Gateway_RCE_POC-CVE-2022-22947

PoC: CVE-2022-22947_EXP

一个可单独、批量验证的脚本,也可以反弹shell

PoC: Burp_VulPscan

burp被动扫描插件,目前只有CVE-2022-22947

PoC: CVE-2022-22947

Spring Cloud Gateway Actuator API SpEL Code Injection.

PoC: cve-2022-22947-docker

cve-2022-22947-docker

PoC: Spring-Cloud-GateWay-CVE-2022-22947-demon-code

调试代码包含断点信息,直接导入即可进行调试

PoC: CVE-2022-22947

SpringCloudGatewayRCE / Code By:Jun_sheng

PoC: CVE-2022-22947-POC

CVE-2022-22947批量检测脚本,回显命令没进行正则,大佬们先用着,后续再更

PoC: CVE-2022-22947-goby

日常更新一些顺手写的gobypoc,包含高危害EXP

PoC: CVE-2022-22947-RCE

CVE-2022-22947 RCE

PoC: CVE-2022-22947

Exp

PoC: Spring-Cloud-Gateway-CVE-2022-22947

Spring Cloud Gateway远程代码执行漏洞

PoC: cve-2022-22947

poc for cve-2022-22947

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free