Vulnerabilities > CVE-2022-23463 - Expression Language Injection vulnerability in Nepxion Discovery

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nepxion

CWE-917

critical

NVD

Published: 2022-09-24

Updated: 2022-09-28

Summary

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.

Vulnerable Configurations

Part	Description	Count
Application	Nepxion Nepxion Discovery - Nepxion Discovery 3.8.1 Nepxion Discovery 3.8.2 Nepxion Discovery 3.8.3 Nepxion Discovery 3.8.5 Nepxion Discovery 3.8.6 Nepxion Discovery 3.8.7 Nepxion Discovery 3.8.13 Nepxion Discovery 3.9.0 Nepxion Discovery 3.9.2 Nepxion Discovery 3.10.0 Nepxion Discovery 3.10.1 Nepxion Discovery 3.10.3 Nepxion Discovery 3.10.7 Nepxion Discovery 3.11.0 Nepxion Discovery 3.11.3 Nepxion Discovery 3.11.9 Nepxion Discovery 3.12.0 Nepxion Discovery 3.12.2 Nepxion Discovery 3.13.0 Nepxion Discovery 3.13.2 Nepxion Discovery 3.13.3 Nepxion Discovery 3.13.5 Nepxion Discovery 3.13.8 Nepxion Discovery 3.13.11 Nepxion Discovery 3.13.13 Nepxion Discovery 3.15.0 Nepxion Discovery 3.16.1 Nepxion Discovery 3.16.2 Nepxion Discovery 3.16.5 Nepxion Discovery 3.16.6 Nepxion Discovery 3.16.7 Nepxion Discovery 3.19.0 Nepxion Discovery 3.20.1 Nepxion Discovery 3.20.2 Nepxion Discovery 3.20.3 Nepxion Discovery 3.21.0 Nepxion Discovery 3.22.0 Nepxion Discovery 3.23.0 Nepxion Discovery 3.24.0 Nepxion Discovery 3.25.0 Nepxion Discovery 3.26.0 Nepxion Discovery 3.27.0 Nepxion Discovery 3.28.0 Nepxion Discovery 3.28.1 Nepxion Discovery 3.30.0 Nepxion Discovery 3.31.0 Nepxion Discovery 3.32.0 Nepxion Discovery 3.33.1 Nepxion Discovery 3.33.2 Nepxion Discovery 4.8.1 Nepxion Discovery 4.8.2 Nepxion Discovery 4.8.3 Nepxion Discovery 4.8.5 Nepxion Discovery 4.8.6 Nepxion Discovery 4.8.7 Nepxion Discovery 4.8.13 Nepxion Discovery 4.9.0 Nepxion Discovery 4.9.2 Nepxion Discovery 4.10.0 Nepxion Discovery 4.10.1 Nepxion Discovery 4.10.3 Nepxion Discovery 4.10.7 Nepxion Discovery 4.11.0 Nepxion Discovery 4.11.3 Nepxion Discovery 4.11.9 Nepxion Discovery 4.12.0 Nepxion Discovery 4.12.2 Nepxion Discovery 4.13.0 Nepxion Discovery 4.13.2 Nepxion Discovery 4.13.3 Nepxion Discovery 4.13.5 Nepxion Discovery 4.13.8 Nepxion Discovery 4.13.11 Nepxion Discovery 4.13.13 Nepxion Discovery 4.15.0 Nepxion Discovery 5.0.0 Nepxion Discovery 5.0.1 Nepxion Discovery 5.0.8 Nepxion Discovery 5.1.0 Nepxion Discovery 5.1.2 Nepxion Discovery 5.2.0 Nepxion Discovery 5.2.1 Nepxion Discovery 5.2.3 Nepxion Discovery 5.2.7 Nepxion Discovery 5.3.0 Nepxion Discovery 5.3.3 Nepxion Discovery 5.3.9 Nepxion Discovery 5.4.0 Nepxion Discovery 5.4.2 Nepxion Discovery 5.5.0 Nepxion Discovery 5.5.2 Nepxion Discovery 5.5.3 Nepxion Discovery 5.5.5 Nepxion Discovery 5.5.8 Nepxion Discovery 5.5.11 Nepxion Discovery 5.5.13 Nepxion Discovery 5.6.0 Nepxion Discovery 6.0.1 Nepxion Discovery 6.0.2 Nepxion Discovery 6.0.5 Nepxion Discovery 6.0.6 Nepxion Discovery 6.0.7 Nepxion Discovery 6.2.0 Nepxion Discovery 6.3.1 Nepxion Discovery 6.3.2 Nepxion Discovery 6.3.3 Nepxion Discovery 6.5.0 Nepxion Discovery 6.6.0 Nepxion Discovery 6.7.0 Nepxion Discovery 6.8.0 Nepxion Discovery 6.9.0 Nepxion Discovery 6.10.0 Nepxion Discovery 6.11.0 Nepxion Discovery 6.12.0 Nepxion Discovery 6.12.1 Nepxion Discovery 6.13.1 Nepxion Discovery 6.14.0 Nepxion Discovery 6.15.0 Nepxion Discovery 6.16.1 Nepxion Discovery 6.16.2	121

Common Weakness Enumeration (CWE)

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

References

https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/