CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

This Week in Spring - March 7th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's an amazing week, and this week we've got a lot to look at. Let's dive right into it. Spring Cloud Function for Azure Function Spring Data 2022.0.3 and 2021.2.9 released Spring R2DBC for Reactive Relational Databases in...

This Week in Spring - August 30th, 2022

Hi, Spring fans! How are you? Howre you doin this fine tuesday morning? Im doing well, of course, because this week VMwares tentpole show - VMware Explore - is happening not even a mile from my home, here in San Francisco! And this is just the first one - therell be another show, my favorite show...

cc.vihackerframework:vihacker-cloud-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-feign-starter (>=1.0.4.R <=1.0.6.R) +330 more potentially affected by CVE-2021-22044 via org.springframework.cloud:spring-cloud-openfeign-core (>=3.0.0 <=3.0.4)

org.springframework.cloud:spring-cloud-openfeign-core MAVEN version =3.0.0, =1.0.4.R, =1.0.4.R, =1.2.12, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-22044 Source advisory: OSV:GHSA-PF94-6V2V-CM3J...

Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

GHSA-PF94-6V2V-CM3J Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

Involuntary Endpoint Exposure

org.springframework.cloud, spring-cloud-openfeign-core is vulnerable to involuntary endpoint exposure. An attacker is able to listen to requests from the corresponding server-side endpoint, when @RequestMapping annotation is used over feign client interfaces...

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

Spring Cloud OpenFeign 安全漏洞

Vmware Spring Cloud OpenFeign is an open source, declarative Rest client for Spring Boot applications from Vmware, USA. A security vulnerability exists in Spring Cloud OpenFeign, which stems from the use of type-level "@RequestMapping" annotations on the Feign client interface in RELEASE and...

PT-2021-14845 · Spring · Spring Cloud Openfeign

Name of the Vulnerable Software and Affected Versions: Spring Cloud OpenFeign versions 2.2.0.RELEASE through 2.2.9.RELEASE Spring Cloud OpenFeign versions 3.0.0 through 3.0.4 Description: The issue affects applications using type-level @RequestMapping annotations over Feign client interfaces,...