6 matches found
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
A remote code execution vulnerability exists in VMware Spring Cloud Netflix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
cn.iisme.cloud:iisme-demos-nacos-web (=1.0.1), cn.iisme:iisme-demos-nacos-web (=1.0.0) +26 more potentially affected by CVE-2021-22053 via org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (>=1.0.0.RELEASE <=2.2.0.RELEASE)
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard MAVEN version =1.0.0.RELEASE, =3.0.0, =1.1.0, =1.1.0, =1.0, =1.0, =1.0.4, =1.0.1, =1.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2021-22053 Source advisory: OSV:GHSA-GX3F-HQ7P-8FXV...
CVE-2021-22053
creationtimestamp| type| source ---|---|--- 2021-11-19 18:23:23+00:00| seen| https://t.me/cibsecurity/32701 2021-11-22 09:30:27+00:00| published-proof-of-concept| https://t.me/hackertrick/464 2021-11-22 10:37:29+00:00| published-proof-of-concept| https://t.me/BlueRedTeam/1205 2021-11-22...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22053
CVE-2021-22053 affects Spring Cloud Netflix Hystrix Dashboard prior to 2.2.10 when used with spring-boot-starter-thymeleaf. The vulnerability arises because request URI path data is evaluated as SpringEL expressions during view template resolution (example: /hystrix/monitor;[data]), enabling remo...