CVE-2022-22963CISA KEV: Actively Exploited

VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability

Published Aug 25, 2022·Updated Aug 25, 2022

Description

When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Public Exploits & PoCs22 found

PoC: spring-spel-0day-poc

spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963

331

PoC: CVE-2022-22963

CVE-2022-22963 PoC

94

PoC: Spring-CVE

This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell".

13

PoC: CVE-2022-22963

CVE-2022-22963 Spring-Cloud-Function-SpEL_RCE_exploit

13

PoC: CVE-2022-22963

Spring Cloud Function Vulnerable Application / CVE-2022-22963

6

PoC: CVE-2022-22963-Spring-Core-RCE

A Proof-of-Concept (PoC) of the Spring Core RCE (Spring4Shell or CVE-2022-22963) in Bash (Linux).

6

PoC: spring-cloud-function-rce

Spring Cloud Function SPEL表达式注入漏洞(CVE-2022-22963)

5

PoC: CVE-2022-22963

spring cloud function 一键利用工具! by charis 博客http://www.charis3306.top/

2

PoC: cve-2022-22963

Spring Cloud Function SpEL - cve-2022-22963

2

PoC: Spring0DayCoreExploit

{ Spring Core 0day CVE-2022-22963 }

2

PoC: CVE-2022-22963

CVE-2022-22963-poc

1

PoC: CVE-2022-22963-PoC

CVE-2022-22963 RCE PoC in python

1

PoC: SpringCloudFunction-Research

CVE-2022-22963 research

1

PoC: CVE-2022-22963

POC for CVE-2022-22963

1

PoC: CVE-2022-22963

Simple exploit

PoC: CVE-2022-22963

CVE to CTF FP

PoC: CVE-2022-22963-Poc-Bearcules

This is a POC for CVE-2022-22963

PoC: Exploit-for-CVE-2022-22963

An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability)

PoC: RCE-in-Spring-Cloud-CVE-2022-22963

Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function

PoC: CVE-2022-22963

Binaries for CVE-2022-22963

PoC: CVE-2022-22963-Exploit

Rust-based exploit for the CVE-2022-22963 vulnerability

PoC: CVE-2022-22963_Reverse-Shell-Exploit

CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script will verify if the vulnerability exists, and if it does, will give you a reverse shell.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free