Is CVE-2022-22947 patched on this host?

In Spring Cloud Gateway, the actuator endpoint is vulnerable to an arbitrary code execution attack in versions before 3.1.1+ and 3.0.7+. This TTP sends a curl request that will attempt to publish a new endpoint and run the 'id' command on the remote host. A remote attacker could make a maliciously crafted request that allows arbitrary code execution on the remote host.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is Spring Cloud Gateway patched against CVE-2022-22947?


Sends a crafted curl request to execute code via Spring Cloud Gateway.