Moderate severity · NVD Advisory · Published Sep 24, 2022 · Updated Apr 22, 2025
Potential Server Side Request Forgery (SSRF) in Nepxion Discovery
CVE-2022-23464
Description
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.nepxion:discovery (Maven) | <= 6.16.2 | — |
Affected products
- Nepxion/Discovery · v5 · Range: 6.16.2
References
- github.com/advisories/GHSA-hhxh-qphc-v423 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-23464 (ghsa, ADVISORY)
- securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery (ghsa, ADVISORY)
- securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/ (mitre, x_refsource_MISC)