{"url":"http://public2.vulnerablecode.io/api/packages/560275?format=json","purl":"pkg:maven/org.springframework.cloud/spring-cloud-gateway@2.2.5.RELEASE","type":"maven","namespace":"org.springframework.cloud","name":"spring-cloud-gateway","version":"2.2.5.RELEASE","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.7","latest_non_vulnerable_version":"4.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42573?format=json","vulnerability_id":"VCID-zmjy-stcs-x7d1","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nIn spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.","references":[{"reference_url":"http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:53:56Z/"}],"url":"http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:53:56Z/"}],"url":"http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22947","reference_id":"","reference_type":"","scores":[{"value":"0.94461","scoring_system":"epss","scoring_elements":"0.99995","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22947"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:53:56Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:53:56Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50799.py","reference_id":"CVE-2022-22947","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50799.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22947","reference_id":"CVE-2022-22947","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22947"},{"reference_url":"https://tanzu.vmware.com/security/cve-2022-22947","reference_id":"CVE-2022-22947","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:53:56Z/"}],"url":"https://tanzu.vmware.com/security/cve-2022-22947"},{"reference_url":"https://github.com/advisories/GHSA-3gx9-37ww-9qw6","reference_id":"GHSA-3gx9-37ww-9qw6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gx9-37ww-9qw6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60887?format=json","purl":"pkg:maven/org.springframework.cloud/spring-cloud-gateway@3.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway@3.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/60888?format=json","purl":"pkg:maven/org.springframework.cloud/spring-cloud-gateway@3.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway@3.1.1"}],"aliases":["CVE-2022-22947","GHSA-3gx9-37ww-9qw6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmjy-stcs-x7d1"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway@2.2.5.RELEASE"}