VYPR
Critical severityCISA KEVNVD Advisory· Published Apr 1, 2022· Updated Oct 21, 2025

CVE-2022-22963

CVE-2022-22963

Description

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework.cloud:spring-cloud-function-contextMaven
>= 3.2.0, < 3.2.33.2.3
org.springframework.cloud:spring-cloud-function-contextMaven
< 3.1.73.1.7

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.