Lucene search

K
githubGitHub Advisory DatabaseGHSA-VWPG-F6GW-RJVF
HistoryMay 10, 2021 - 3:18 p.m.

Incorrect Authorization in Spring Cloud Netflix Zuul

2021-05-1015:18:50
CWE-863
GitHub Advisory Database
github.com
33

0.001 Low

EPSS

Percentile

35.6%

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security’s StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

0.001 Low

EPSS

Percentile

35.6%

Related for GHSA-VWPG-F6GW-RJVF