logo
DATABASE RESOURCES PRICING ABOUT US

Spring Cloud Gateway < 3.0.7 / 3.1.x < 3.1.1 Remote Code Execution

Description

In Spring Cloud Gateway versions prior to 3.1.1 and 3.0.7, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker can craft a malicious request that could allow arbitrary remote execution on the remote host.


Related