module
Spring Cloud Gateway Remote Code Execution
| Disclosed |
|---|
| Jan 26, 2022 |
Disclosed
Jan 26, 2022
Description
This module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway
versions = 3.1.0 and 3.0.0 to 3.0.6. The vulnerability can be exploited when the Gateway Actuator
endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL
expressions to execute code and take control of the victim machine.
versions = 3.1.0 and 3.0.0 to 3.0.6. The vulnerability can be exploited when the Gateway Actuator
endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL
expressions to execute code and take control of the victim machine.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.