Lucene search
VmwareCVELIST:CVE-2021-22053HistoryNov 19, 2021 - 3:56 p.m.
CVE-2021-22053
2021-11-1915:56:11
CWE-94
vmware
www.cve.org
6
cve-2021-22053
spring-cloud-netflix-hystrix-dashboard
spring-boot-starter-thymeleaf
code execution
request uri path
view templates
springel expressions
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;[user-provided data], the path elements following hystrix/monitor are being evaluated as SpringEL expressions, which can lead to code execution.
CNA Affected
[
{
"product": "Spring Cloud Netflix",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Cloud Netflix versions 2.2.x prior to 2.2.10.Release + and old unsupported versions"
}
]
}
]References
Related
githubexploit
githubexploit
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-22 18:26:16
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
osv
osv
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-23 17:53:33
CVE-2021-22053
2021-11-19 16:15:07
nvd
nvd
CVE-2021-22053
2021-11-19 16:15:07
github
github
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-23 17:53:33
veracode
veracode
Remote Code Execution (RCE)
2021-11-24 13:18:50
nuclei
nuclei
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
2021-11-29 13:12:08
checkpoint_advisories
checkpoint_advisories
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
2021-12-27 00:00:00
prion
prion
Design/Logic Flaw
2021-11-19 16:15:00
cve
cve
CVE-2021-22053
2021-11-19 16:15:07
ibm
ibm