Relevant users can check whether there is an Actuator endpoint that enables Spring Cloud Gateway externaly in the Spring configuration file.
- management.endpoint.gateway.enabled=true
- management.endpoints.web.exposures.include=gateway
This PoC is not fully functional, some commands will work like ls, cat /etc/passwd but it can't give you back a reverse shell.