Nepxion Discovery
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Nepxion Discovery.
By the Year
In 2026 there have been 0 vulnerabilities in Nepxion Discovery. Discovery did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 8.65 |
It may take a day or so for new Discovery vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nepxion Discovery Security Vulnerabilities
SSRF via RestTemplate in Nepxion Discovery (Spring Cloud)
CVE-2022-23464
7.5 - High
- September 24, 2022
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplates getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.
SSRF
SpEL Injection in Nepxion Discovery Commons Enables RCE
CVE-2022-23463
9.8 - Critical
- September 24, 2022
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolvers eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.
EL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Nepxion Discovery or by Nepxion? Click the Watch button to subscribe.
