In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Spring_cloud_function | Vmware | * | 3.1.6 (including) |
| Spring_cloud_function | Vmware | 3.2.0 (including) | 3.2.2 (including) |
| Openshift Serveless 1.21 | RedHat | openshift-serverless-1/client-kn-rhel8:1.0.1-3 | * |
| Openshift Serveless 1.21 | RedHat | openshift-serverless-1/kn-cli-artifacts-rhel8:1.0.1-3 | * |
| Openshift Serverless 1 on RHEL 8 | RedHat | openshift-serverless-clients-0:1.0.1-2.el8 | * |