CVE-2022-22963: VMware Tanzu Spring Cloud Function Remote Code Execution
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability. When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
- CISA KEV-listed (remediation due 2022-09-15)
- EPSS 94.5% (100.0% percentile)