Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-22947
- Vendor
- VMware
- Product
- Spring Cloud Gateway
- Published
- Mar 03, 2022
- EPSS
- —
Description
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVSS scores
- CVSS v3.1
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CVSS v2
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2022-05-16 00:00:00 UTC
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://tanzu.vmware.com/security/cve-2022-22947
- https://www.oracle.com/security-alerts/cpuapr2022.html
- http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | May 16, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/spring_cloud_gateway_rce.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22947.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
| Source | Created | Stars | Description |
|---|---|---|---|
| github | 2023-05-26 11:52:22 UTC | 2 | Spring Cloud Gateway Actuator API SpEL expression injection command execution exploit |
| github | 2022-08-23 06:38:46 UTC | 8 | |
| github | 2022-08-03 02:51:26 UTC | 3 | |
| github | 2022-06-08 09:52:23 UTC | 2 | Batch detection of the Spring Cloud Gateway remote code execution vulnerability (Spring_Cloud_Gateway_RCE_POC-CVE-2022-22947) |
| github | 2022-05-19 14:58:45 UTC | 5 | A script for single or batch verification that can also spawn a reverse shell |
| github | 2022-05-16 15:27:41 UTC | 53 | Spring Cloud Gateway Actuator API SpEL expression injection command execution (CVE-2022-22947), injecting a Godzilla in-memory webshell |
| github | 2022-03-25 12:43:53 UTC | 1 | PoC for CVE-2022-22947 |
| github | 2022-03-10 03:51:47 UTC | 6 | CVE-2022-22947 exploit script |
| github | 2022-03-08 09:32:36 UTC | 35 | CVE-2022-22947_EXP, CVE-2022-22947_RCE, CVE-2022-22947 reverse shell, CVE-2022-22947 getshell |
| github | 2022-03-07 16:24:42 UTC | 7 | Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947) |
| github | 2022-03-07 07:24:13 UTC | 13 | Spring Cloud Gateway remote code execution vulnerability PoC; builds on command execution and adds a reverse shell step |
| github | 2022-03-05 06:19:46 UTC | 2 | |
| github | 2022-03-04 14:58:02 UTC | 7 | Batch URL detection for Spring-Cloud-Gateway-CVE-2022-22947 |
| github | 2022-03-04 11:45:35 UTC | 0 | CVE-2022-22947 batch detection script; the echoed command output is not regex-filtered yet, use it as-is for now, updates to follow |
| github | 2022-03-04 09:47:55 UTC | 2 | Spring Cloud Gateway Actuator API remote command execution, CVE-2022-22947 |
| github | 2022-03-04 06:38:26 UTC | 71 | CVE-2022-22947 batch |
| github | 2022-03-04 02:36:02 UTC | 0 | Spring Cloud Gateway remote code execution vulnerability |
| github | 2022-03-04 02:27:50 UTC | 5 | |
| github | 2022-03-03 18:26:18 UTC | 39 | Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE) |
| github | 2022-03-03 13:13:02 UTC | 76 | Spring Cloud Gateway remote code execution vulnerability exploit (Spring_Cloud_Gateway_RCE_Exp-CVE-2022-22947) |
| github | 2022-03-02 11:58:55 UTC | 219 | CVE-2022-22947 |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Nuclei
- Detected by Metasploit