CVE-2022-22947: VMware Spring Cloud Gateway Code Injection Vulnerability.
VMware Spring Cloud Gateway Code Injection Vulnerability. Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
- CISA KEV-listed (remediation due 2022-06-06)
- EPSS 94.5% (100.0% percentile)