CVE | CVE-2022-23464 |
CVE Ordinal Value | 226402 |
Published Date | 2022-09-24T05:15Z |
Modified Date | 2022-09-28T15:39Z |
CWE Type | CWE-918 |
CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Description | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds. |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/ |
Reference Description | MISC https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/ |
Reference Description | |
Tags | Exploit Third Party Advisory |
Sources | NIST MITRE |