2 matches found
cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.microservices:cloud-altemistafwk-core-microservices-gateway-conf (=3.1.0.RELEASE) +78 more potentially affected by CVE-2021-22113 via org.springframework.cloud:spring-cloud-netflix-zuul (>=2.0.0.RELEASE <=2.2.6.RELEASE)
org.springframework.cloud:spring-cloud-netflix-zuul MAVEN version =2.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =D.0.1.0-Beta-3 and more Source cves: CVE-2021-22113 Source advisory: OSV:GHSA-VWPG-F6GW-RJVFhttps://vulners.com/osv/OSV:GHSA-VWPG-F6GW-RJVF...
CVE-2021-22113
The CVE-2021-22113 entry concerns Spring Cloud Netflix Zuul 2.2.6.RELEASE and earlier, where the Sensitive Headers functionality can be bypassed by specially constructed URLs. The Red Hat and GN documents corroborate that Zuul’s handling of sensitive headers is vulnerable, potentially allowing an...