Lucene search
GoogleOSV:GHSA-GX3F-HQ7P-8FXVHistoryNov 23, 2021 - 5:53 p.m.
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-2317:53:33
Google
osv.dev
88
spring-cloud
code injection
hystrix-dashboard
EPSS
0.628
Percentile
97.9%
Applications using the spring-cloud-netflix-hystrix-dashboard expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;[user-provided data], the path elements following hystrix/monitor are being evaluated as SpringEL expressions, which can lead to code execution.
Related
githubexploit
githubexploit
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-22 18:26:16
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
osv
osv
CVE-2021-22053
2021-11-19 16:15:07
nvd
nvd
CVE-2021-22053
2021-11-19 16:15:07
github
github
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-23 17:53:33
veracode
veracode
Remote Code Execution (RCE)
2021-11-24 13:18:50
cvelist
cvelist
CVE-2021-22053
2021-11-19 15:56:11
nuclei
nuclei
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
2021-11-29 13:12:08
checkpoint_advisories
checkpoint_advisories
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
2021-12-27 00:00:00
prion
prion
Design/Logic Flaw
2021-11-19 16:15:00
cve
cve
CVE-2021-22053
2021-11-19 16:15:07
ibm
ibm