What is /actuator/gateway/routes?

Created 17th August 2023
Updated 18th August 2023

CVE-2022-22947

This URI request is related to scanners looking for CVE-2022-22947 which is an exploit in the Spring Cloud Gateway, which is a library for building an API within the Spring framework.

The vulnerability was patched by VMWare in March 2021.

References

1. Viettel Cyber Security. (2022). CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability. Retrieved August 15, 2023, from https://blog.viettelcybersecurity.com/cve-2022-22947-spring-cloud-gateway-code-injection-vulnerability/
2. Carlos E. Vieira. (2021). Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE). Exploit Database. Retrieved August 15, 2023, from https://www.exploit-db.com/exploits/50799