Lucene search
GoogleOSV:CVE-2021-22053HistoryNov 19, 2021 - 4:15 p.m.
CVE-2021-22053
2021-11-1916:15:07
Google
osv.dev
2
code execution vulnerability
spring-cloud-netflix-hystrix-dashboard
spring-boot-starter-thymeleaf
uri path vulnerability
view templates
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;[user-provided data], the path elements following hystrix/monitor are being evaluated as SpringEL expressions, which can lead to code execution.
References
Related
githubexploit
githubexploit
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-22 18:26:16
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
osv
osv
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-23 17:53:33
nvd
nvd
CVE-2021-22053
2021-11-19 16:15:07
github
github
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-23 17:53:33
veracode
veracode
Remote Code Execution (RCE)
2021-11-24 13:18:50
cvelist
cvelist
CVE-2021-22053
2021-11-19 15:56:11
nuclei
nuclei
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
2021-11-29 13:12:08
checkpoint_advisories
checkpoint_advisories
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
2021-12-27 00:00:00
prion
prion
Design/Logic Flaw
2021-11-19 16:15:00
cve
cve
CVE-2021-22053
2021-11-19 16:15:07
ibm
ibm