PT-2022-16005 · Nepxion · Nepxion Discovery

Jorge Rosillo +1 · Published 2022-09-24 · Updated 2022-09-28 · CVE-2022-23463

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Nepxion Discovery (affected versions not specified)

Description

The issue is a SpEL injection in discovery-commons: the DiscoveryExpressionResolver's eval method evaluates expressions with a StandardEvaluationContext. This allows an expression to interact with Java classes, such as java.lang.Runtime, leading to Remote Code Execution. There are no known workarounds for this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
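
The difference the description turns on, shown as an added example (not Nepxion's code and not a fix for it): the same Spring SpEL parser run against a StandardEvaluationContext and against Spring's restricted SimpleEvaluationContext. The class name `SpelContextDemo`, the `params` variable and both sample expressions are assumptions made for illustration; it needs `spring-expression` on the classpath.

```java
import java.util.Map;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class SpelContextDemo {
    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Weak pattern named in the advisory: full SpEL, so T(...) type
    // references, constructors and static methods are all reachable.
    static Object evalUnrestricted(String expr, Map<String, String> params) {
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        ctx.setVariable("params", params);
        return PARSER.parseExpression(expr).getValue(ctx);
    }

    // Restricted pattern: data-binding subset only. Type references,
    // constructors and bean references are rejected at evaluation time.
    static Object evalRestricted(String expr, Map<String, String> params) {
        EvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        ctx.setVariable("params", params);
        return PARSER.parseExpression(expr).getValue(ctx);
    }

    public static void main(String[] args) {
        Map<String, String> params = Map.of("region", "dev"); // constructed sample input
        String routing = "#params['region'] == 'dev'";        // assumed data-only condition
        // Harmless probe: only shows that java.lang.Runtime is reachable.
        String probe = "T(java.lang.Runtime).getRuntime().availableProcessors()";

        System.out.println("unrestricted routing: " + evalUnrestricted(routing, params));
        System.out.println("unrestricted probe:   " + evalUnrestricted(probe, params));
        System.out.println("restricted routing:   " + evalRestricted(routing, params));
        try {
            evalRestricted(probe, params);
            System.out.println("restricted probe:     evaluated (unexpected)");
        } catch (SpelEvaluationException e) {
            System.out.println("restricted probe:     rejected: " + e.getMessageCode());
        }
    }
}
```

The data-only condition evaluates in both contexts, while the type reference resolves only in the unrestricted one, which is why expressions built from untrusted input need the restricted context.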

Related Identifiers

CVE-2022-23463
GHSA-Q979-9M39-23MQ

Affected Products

Nepxion Discovery