Spring Cloud version 3.2.2 suffers from a remote command execution vulnerability.
d181f87e1828ab23231c1663a6b6c2406af8e9283ea467e7f313997dacb282edRed Hat Security Advisory 2022-1292-01 - This version of the OpenShift Serverless Operator, which is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10, includes a security fix. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.
af9c3ede75f6e92eac6576134c67a7192ade183a9daffb8552b6f816d77026cdRed Hat Security Advisory 2022-1291-01 - Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.
9feef76368da978f68221f391059ead0c6b9074e5810adbb913303328d782a09Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message.
191fd2ef6dcf8a98bc701657de72fbfe2250e9ec9091b7372a38ea1abcff6241
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed