Spring Cloud Function SPEL Expression Injection Vulnerability Alert
March 28, 2022
Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter “spring.cloud.function.routing-expression” in the request header is processed as a Spel expression by the apply method of the RoutingFunction class in Spring Cloud Function, resulting in a Spel expression injection vulnerability, which can be […]