PT-2022-16006 · Nepxion · Nepxion Discovery

Jorge Rosillo +1 · Published 2022-09-24 · Updated 2022-09-28 · CVE-2022-23464

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nepxion Discovery (affected versions not specified)

Description

The issue is related to a potential Server-Side Request Forgery (SSRF) in Nepxion Discovery, a solution for Spring Cloud. Specifically, the RouterResourceImpl uses RestTemplate's getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There are no known workarounds or patches available for this issue at the time of publication.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
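
One way to constrain the kind of outbound request described above, as an added example that is not Nepxion Discovery's code and not a published fix: a JDK-only guard that vets a user-influenced URL before it is passed to an HTTP client call such as RestTemplate's getForEntity. The class name `OutboundUrlGuard`, the "host:port" allowlist and the sample inputs are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

// Hypothetical guard, not part of Nepxion Discovery: vet a user-influenced URL
// before it reaches an HTTP client call such as RestTemplate.getForEntity.
public class OutboundUrlGuard {
    private final Set<String> allowed; // assumed "host:port" pairs, e.g. taken from the service registry

    public OutboundUrlGuard(Set<String> allowed) { this.allowed = allowed; }

    // Returns a URI rebuilt from the validated parts, or throws if the target is not permitted.
    public URI check(String rawUrl) throws URISyntaxException, UnknownHostException {
        URI u = new URI(rawUrl).parseServerAuthority();
        String scheme = u.getScheme() == null ? "" : u.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new SecurityException("scheme not allowed");
        }
        if (u.getUserInfo() != null || u.getHost() == null || u.getPort() == -1) {
            throw new SecurityException("userinfo present, host missing or port implicit");
        }
        String authority = u.getHost().toLowerCase(Locale.ROOT) + ":" + u.getPort();
        if (!allowed.contains(authority)) {
            throw new SecurityException("target not in allowlist: " + authority);
        }
        // Even an allowlisted name must not resolve to loopback, link-local or wildcard addresses.
        for (InetAddress a : InetAddress.getAllByName(u.getHost())) {
            if (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isAnyLocalAddress()) {
                throw new SecurityException("resolves to a disallowed address: " + a.getHostAddress());
            }
        }
        // Drop the fragment and hand the client the same parse that was validated.
        return new URI(scheme, null, u.getHost(), u.getPort(), u.getPath(), u.getQuery(), null);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; 10.0.0.5:8080 stands in for a registered service instance.
        OutboundUrlGuard guard = new OutboundUrlGuard(Set.of("10.0.0.5:8080"));
        String[] samples = { "http://10.0.0.5:8080/router/info", "http://localhost:8080/",
            "http://10.0.0.5:8080@127.0.0.1:8080/", "ftp://10.0.0.5:8080/" };
        for (String s : samples) {
            try { System.out.println("ALLOW " + guard.check(s)); }
            catch (Exception e) { System.out.println("DENY  " + s + " (" + e.getMessage() + ")"); }
        }
    }
}
```

The address check runs at validation time, so the HTTP client should also be configured not to follow redirects, and the name may resolve differently when the request is actually sent.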

Exploit

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-23464
GHSA-HHXH-QPHC-V423

Affected Products

Nepxion Discovery