Exploit for #VU61754 Code Injection in Spring Cloud Function

Published: 2022-03-31 | Updated: 2023-07-10

Vulnerability identifier: #VU61754

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-22963

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 22

July 10, 2023
- CVE-Exploits (CVE-POC) [Github]
June 29, 2023
- Exploit-for-CVE-2022-22963 (An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability)) [Github]
April 14, 2023
- CVE-2022-22963-Exploit (Rust-based exploit for the CVE-2022-22963 vulnerability) [Github]
March 28, 2023
- CVE-2022-22963-PoC (CVE-2022-22963 RCE PoC in python) [Github]
March 20, 2023
- CVE-2022-22963_Reverse-Shell-Exploit (CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script will verify if the vulnerability exists, and if it does, will give you a reverse [Github]
March 13, 2023
- CVE-2022-22963 (spring cloud function 一键利用工具! by charis 博客https://charis3306.top/) [Github]
January 16, 2023
- CVE-2022-22963-POC () [Github]
May 23, 2022
- CVE-2022-22963 () [Github]
May 12, 2022
- Spring Cloud Function SpEL Injection [Metasploit]
April 15, 2022
- spring-cloud-function-rce (Spring Cloud Function SPEL表达式注入漏洞（CVE-2022-22963）) [Github]
April 14, 2022
- spring-spel-0day-poc (spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963) [Github]
April 5, 2022
- SpringCloudFunction-Research (CVE-2022-22963 research) [Github]
April 3, 2022
- CVE-2022-22963 (Spring Cloud Function Vulnerable Application / CVE-2022-22963) [Github]
April 1, 2022
- CVE-2022-22963 () [Github]
- CVE-2022-22963-Spring-Core-RCE (A Proof-of-Concept (PoC) of the Spring Core RCE (Spring4Shell or CVE-2022-22963) in Bash (Linux).) [Github]
March 31, 2022

Impact: Code execution

Vulnerable software:
Spring Cloud Function
Web applications / Other software

Vendor: VMware, Inc