Vulnerabilities > Oracle > Communications Cloud Native Core Policy > 22.1.3

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2022-22963 Expression Language Injection vulnerability in multiple products
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
network
low complexity
vmware oracle CWE-917
critical
 9.8
9.8
2021-12-17 CVE-2021-34141 Incorrect Comparison vulnerability in multiple products
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects.
network
low complexity
numpy oracle CWE-697
5.3
5.3
2021-11-10 CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references.
network
low complexity
pypa oracle
5.7
5.7