Vulnerabilities > Oracle > Communications Cloud Native Core Policy > 22.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-01 | CVE-2022-22963 | Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | 9.8 |
2021-12-17 | CVE-2021-34141 | Incorrect Comparison vulnerability in multiple products An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. | 5.3 |
2021-11-10 | CVE-2021-3572 | A flaw was found in python-pip in the way it handled Unicode separators in git references. | 5.7 |