VYPR

Maven package

com.nepxion/discovery

pkg:maven/com.nepxion/discovery

Vulnerabilities (2)

  • CVE-2022-23463Sep 24, 2022
    affected <= 6.16.2

    Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes su

  • CVE-2022-23464Sep 24, 2022
    affected <= 6.16.2

    Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Informatio