spring-cloud-function-context is vulnerable to remote code execution. The routing functionality allows a user to provide a malicious SpEL as a routing-expression which would allow arbitrary OS commands to be executed remotely.
github.com/hktalent/spring-spel-0day-poc
psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
tanzu.vmware.com/security/cve-2022-22963
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html