0day - Spring Cloud Function SpEL vulnerability warning

0x01 Vulnerability Background

Spring Cloud Function is a Spring Boot-based functional computing framework that abstracts away transport details and infrastructure, so developers can keep their familiar tools and processes and focus on business logic.
Recently, the Information Security Department learned that the Spring Cloud project has fixed a SpEL expression injection vulnerability in Spring Cloud Function. The apply method of the RoutingFunction class evaluates the value of the "spring.cloud.function.routing-expression" request header as a SpEL expression, which lets an attacker inject a SpEL expression and remotely execute arbitrary code.

Reference link: https://github.com/spring-cloud/spring-cloud-function/commit/0e89ee27b2e76138c16bcba6f4bca906c4f3744f

0x02 Risk level

Serious

0x03 Affected versions

Known affected apps and components:


3.0.0.RELEASE <= Spring Cloud Function <= 3.2.2

0x04 Vulnerability Reproduction

0x05 Vulnerability self-check

Users can check whether the application references the spring-cloud-function component and which version it uses.
If the project is built with Maven, check whether the relevant components are declared in the project's pom.xml:

For project code that uses the org.springframework.cloud:spring-cloud-function-context component, you can use the following command to view the version:


grep -A 2 'spring-cloud-function-context' pom.xml

If the current version is in the affected range, there is a security risk.
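The grep above only shows the raw lines; it does not resolve a `${property}` version or compare the version against the affected range. The following script is an added example (not part of the advisory or of the Spring Cloud project) that parses pom.xml, resolves versions declared through `<properties>`, ignores Spring's `.RELEASE` qualifier, and reports each spring-cloud-function-* dependency as affected, not affected, or unknown. The sample pom.xml embedded at the bottom is constructed for the demonstration.

```python
# Added example, not from the advisory: a pom.xml self-check for the
# affected range 3.0.0.RELEASE <= spring-cloud-function <= 3.2.2.
import re
import xml.etree.ElementTree as ET

AFFECTED_LOW, AFFECTED_HIGH = (3, 0, 0), (3, 2, 2)

def parse_version(text):
    """'3.1.6.RELEASE' or '3.2.2' -> (3, 1, 6); Spring's '.RELEASE' qualifier
    is ignored. Returns None for unparseable text such as an unresolved ${property}."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", (text or "").strip())
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version):
    v = parse_version(version)
    return v is not None and AFFECTED_LOW <= v <= AFFECTED_HIGH

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the Maven XML namespace prefix

def check_pom(pom_xml):
    """Return (artifactId, version, status) for every org.springframework.cloud
    spring-cloud-function-* dependency. status is 'affected', 'not affected' or
    'unknown' (version inherited from a BOM/parent, or an unresolved property)."""
    root = ET.fromstring(pom_xml)
    props = {_local(p.tag): (p.text or "").strip()
             for el in root.iter() if _local(el.tag) == "properties" for p in el}
    results = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId") != "org.springframework.cloud"
                or not f.get("artifactId", "").startswith("spring-cloud-function")):
            continue
        ver = f.get("version", "")
        m = re.fullmatch(r"\$\{(.+)\}", ver)  # resolve <version>${prop}</version>
        if m:
            ver = props.get(m.group(1), ver)
        status = ("unknown" if parse_version(ver) is None
                  else "affected" if is_affected(ver) else "not affected")
        results.append((f["artifactId"], ver, status))
    return results

# Constructed sample pom.xml for the demonstration (not a real project's file).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><scf.version>3.1.6</scf.version></properties>
  <dependencies>
    <dependency><groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-context</artifactId><version>${scf.version}</version></dependency>
    <dependency><groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-web</artifactId><version>3.2.3</version></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for art, ver, status in check_pom(SAMPLE_POM):
        print(f"{art} {ver or '(managed)'}: {status}")
```

Run it against a real project with `check_pom(open("pom.xml").read())`; a result of "unknown" means the version is managed elsewhere (parent POM or BOM) and must be resolved with `mvn dependency:tree`.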

0x06 Remediation suggestion

1. Apply the fix
The project has released a fix for this vulnerability; affected users should update as soon as possible. Official link: GH-835 Fix RoutingFunction SpEL evaluation (spring-cloud/spring-cloud-function@0e89ee2 on GitHub, https://github.com/spring-cloud/spring-cloud-function/commit/0e89ee27b2e76138c16bcba6f4bca906c4f3744f)

0x07 Reference URLs:

https://blog.csdn.net/Moyun_vackbot/article/details/123821293
http://blog.nsfocus.net/spring-cloud-function-spel/ (Spring Cloud Function SPEL Vulnerability Warning, Cotton's Blog)


Original source: blog.csdn.net/qq_18209847/article/details/123935780