| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| - | Spring Cloud Gateway | Spring Cloud Gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions | - |

| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2022-22947 | https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947 | POC Details |
| 2 | poc for cve-2022-22947 | https://github.com/scopion/cve-2022-22947 | POC Details |
| 3 | Spring cloud gateway code injection : CVE-2022-22947 | https://github.com/Vulnmachines/spring-cve-2022-22947 | POC Details |
| 4 | Spring Cloud Gateway remote code execution vulnerability Exp Spring_Cloud_Gateway_RCE_Exp-CVE-2022-22947 | https://github.com/Axx8/CVE-2022-22947_Rce_Exp | POC Details |
| 5 | Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE) | https://github.com/crowsec-edtech/CVE-2022-22947 | POC Details |
| 6 | SpringCloudGatewayRCE - CVE-2022-22947 / Code By:Tas9er | https://github.com/Tas9er/SpringCloudGatewayRCE | POC Details |
| 7 | None | https://github.com/Greetdawn/CVE-2022-22947 | POC Details |
| 8 | Spring Cloud Gateway remote code execution vulnerability | https://github.com/Summer177/Spring-Cloud-Gateway-CVE-2022-22947 | POC Details |
| 9 | Exp | https://github.com/BerMalBerIst/CVE-2022-22947 | POC Details |
| 10 | CVE-2021-42013 batch | https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway | POC Details |
| 11 | cve-2022-22947 spring cloud gateway batch scanning script | https://github.com/dingxiao77/-cve-2022-22947- | POC Details |
| 12 | Regularly updated goby PoCs written along the way, including high-impact EXPs | https://github.com/flying0er/CVE-2022-22947-goby | POC Details |
| 13 | Spring Cloud Gateway Actuator API remote command execution CVE-2022-22947 | https://github.com/dbgee/CVE-2022-22947 | POC Details |
| 14 | Spring-Cloud-Gateway-CVE-2022-22947 | https://github.com/nu0l/cve-2022-22947 | POC Details |
| 15 | CVE-2022-22947 batch detection script; the echoed command output is not yet regex-parsed, use it as-is for now, updates to follow | https://github.com/nanaao/CVE-2022-22947-POC | POC Details |
| 16 | Batch URL detection for Spring-Cloud-Gateway-CVE-2022-22947 | https://github.com/hunzi0/CVE-2022-22947-Rce_POC | POC Details |
| 17 | None | https://github.com/22ke/CVE-2022-22947 | POC Details |
| 18 | Spring Cloud Gateway remote code execution vulnerability POC; adds a reverse shell operation on top of command execution | https://github.com/M0ge/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE | POC Details |
| 19 | Spring Cloud Gateway Actuator API SpEL expression injection command execution (CVE-2022-22947) batch detection tool | https://github.com/YutuSec/SpEL | POC Details |
| 20 | SpringCloudGatewayRCE / Code By:Jun_sheng | https://github.com/Jun-5heng/CVE-2022-22947 | POC Details |
| 21 | None | https://github.com/darkb1rd/cve-2022-22947 | POC Details |
| 22 | Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947) | https://github.com/mrknow001/CVE-2022-22947 | POC Details |
| 23 | CVE-2022-22947_EXP, CVE-2022-22947_RCE, CVE-2022-22947 reverse shell, CVE-2022-22947 getshell | https://github.com/aodsec/CVE-2022-22947 | POC Details |
| 24 | Debugging code that includes breakpoint information; import it directly to start debugging | https://github.com/ba1ma0/Spring-Cloud-GateWay-CVE-2022-22947-demon-code | POC Details |
| 25 | CVE-2022-22947 Exploit script | https://github.com/Arrnitage/CVE-2022-22947_exp | POC Details |
| 26 | None | https://github.com/PaoPaoLong-lab/Spring-CVE-2022-22947- | POC Details |
| 27 | cve-2022-22947-docker | https://github.com/hh-hunter/cve-2022-22947-docker | POC Details |
| 28 | spring-cloud-gateway-rce CVE-2022-22947 | https://github.com/k3rwin/spring-cloud-gateway-rce | POC Details |
| 29 | None | https://github.com/bysinks/CVE-2022-22947 | POC Details |
| 30 | CVE-2022-22947_POC_EXP | https://github.com/Wrin9/CVE-2022-22947 | POC Details |
| 31 | CVE-2022-22947 memshell | https://github.com/viemsr/spring_cloud_gateway_memshell | POC Details |
| 32 | None | https://github.com/Enokiy/cve-2022-22947-spring-cloud-gateway | POC Details |
| 33 | poc for CVE-2022-22947 | https://github.com/Nathaniel1025/CVE-2022-22947 | POC Details |
| 34 | None | https://github.com/Vancomycin-g/CVE-2022-22947 | POC Details |
| 35 | None | https://github.com/scopion/CVE-2022-22947-exp | POC Details |
| 36 | Spring Cloud Gateway RCE - CVE-2022-22947 | https://github.com/sagaryadav8742/springcloudRCE | POC Details |
| 37 | Spring Cloud Gateway Actuator API SpEL Code Injection. | https://github.com/fbion/CVE-2022-22947 | POC Details |
| 38 | Spring-Cloud-Gateway-CVE-2022-22947 | https://github.com/talentsec/Spring-Cloud-Gateway-CVE-2022-22947 | POC Details |
| 39 | CVE-2022-22947 reproduce | https://github.com/aesm1p/CVE-2022-22947-POC-Reproduce | POC Details |
| 40 | Spring-Cloud-Spel-RCE | https://github.com/4nNns/CVE-2022-22947 | POC Details |
| 41 | Burp passive scanning plugin; currently covers only CVE-2022-22947 | https://github.com/expzhizhuo/Burp_VulPscan | POC Details |
| 42 | Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947) | https://github.com/twseptian/cve-2022-22947 | POC Details |
| 43 | CVE-2022-22947 injection of a Godzilla in-memory webshell | https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell | POC Details |
| 44 | Spring Cloud Gateway Actuator API SpEL expression injection command execution (CVE-2022-22947), injecting a Godzilla in-memory webshell | https://github.com/0730Nophone/CVE-2022-22947- | POC Details |
| 45 | A script for single-target or batch verification; can also spawn a reverse shell | https://github.com/anansec/CVE-2022-22947_EXP | POC Details |
| 46 | None | https://github.com/Wrong-pixel/CVE-2022-22947-exp | POC Details |
| 47 | Batch detection of the Spring Cloud Gateway remote code execution vulnerability Spring_Cloud_Gateway_RCE_POC-CVE-2022-22947 | https://github.com/stayfoolish777/CVE-2022-22947-POC | POC Details |
| 48 | Spring-Cloud-Gateway CVE-2022-22947 exploitation environment under Nacos | https://github.com/B0rn2d/Spring-Cloud-Gateway-Nacos | POC Details |
| 49 | None | https://github.com/kmahyyg/CVE-2022-22947 | POC Details |
| 50 | None | https://github.com/LY613313/CVE-2022-22947 | POC Details |
| 51 | None | https://github.com/SiJiDo/CVE-2022-22947 | POC Details |
| 52 | None | https://github.com/qq87234770/CVE-2022-22947 | POC Details |
| 53 | CVE-2022-22947 injection of a Godzilla in-memory webshell | https://github.com/Zh0um1/CVE-2022-22947 | POC Details |
| 54 | 121 | https://github.com/wallbreak1991/cve-2022-22947 | POC Details |
| 55 | Spring Cloud Gateway Actuator API SpEL expression injection command execution Exp | https://github.com/Le1a/CVE-2022-22947 | POC Details |
| 56 | CVE-2022-22947_EXP, CVE-2022-22947_RCE, CVE-2022-22947 reverse shell, CVE-2022-22947 getshell | https://github.com/0x7eTeam/CVE-2022-22947 | POC Details |
| 57 | A combined exploitation tool for Spring vulnerabilities; it currently supports detection and exploitation of Spring Cloud Gateway RCE (CVE-2022-22947) and Spring Framework RCE (CVE-2022-22965) | https://github.com/charonlight/SpringExploitGUI | POC Details |
| 58 | CVE-2022-22947 exploit script | https://github.com/cc3305/CVE-2022-22947 | POC Details |
| 59 | None | https://github.com/Sumitpathania03/CVE-2022-22947 | POC Details |
| 60 | Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22947.yaml | POC Details |
| 61 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20Cloud%20Gateway%20Actuator%20API%20SpEL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B3%A8%E5%85%A5%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%20CVE-2022-22947.md | POC Details |
| 62 | | https://github.com/vulhub/vulhub/blob/master/spring/CVE-2022-22947/README.md | POC Details |
| 63 | Spring Cloud Gateway remote code execution vulnerability Exp Spring_Cloud_Gateway_RCE_Exp-CVE-2022-22947 | https://github.com/SecNN/CVE-2022-22947_Rce_Exp | POC Details |
| 64 | Burp passive scanning plugin; currently covers only CVE-2022-22947 | https://github.com/kkx600/Burp_VulPscan | POC Details |
| 65 | An AI-generated vulnerability verification application | https://github.com/skysliently/CVE-2022-22947-pb-ai | POC Details |
| 66 | None | https://github.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-6 | POC Details |
| 67 | Spring Cloud Gateway remote code execution vulnerability POC; adds a reverse shell operation on top of command execution | https://github.com/MoCh3n/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE | POC Details |
| 68 | A combined exploitation tool for Spring vulnerabilities; it currently supports detection and exploitation of Spring Cloud Gateway RCE (CVE-2022-22947) and Spring Framework RCE (CVE-2022-22965) | https://github.com/superneilcn/SpringExploitGUI | POC Details |