Medium
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when the routing functionality is in use, a user can provide a specially crafted SpEL expression as a routing-expression, which may result in access to local resources.
This vulnerability should not be confused with Spring4Shell, which is another vulnerability that is being exploited in the wild and hasn’t been allotted a CVE number yet.
VMware