12 matches found
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
VulnCheck KEV: CVE-2020-5412
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...
cn.iisme.cloud:iisme-demos-nacos-web (=1.0.1), cn.iisme:iisme-demos-nacos-web (=1.0.0) +26 more potentially affected by CVE-2021-22053 via org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (>=1.0.0.RELEASE <=2.2.0.RELEASE)
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard MAVEN version =1.0.0.RELEASE, =3.0.0, =1.1.0, =1.1.0, =1.0, =1.0, =1.0.4, =1.0.1, =1.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2021-22053 Source advisory: OSV:GHSA-GX3F-HQ7P-8FXV...
Design/Logic Flaw
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
Design/Logic Flaw
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
Unspecified Vulnerability in VMware Spring Cloud Netflix
Spring Cloud Netflix is various Netflix OSS component integrations. A security vulnerability exists in VMware Spring Cloud Netflix versions 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and unsupported older versions, which can be exploited by an attacker to send requests to other servers...
CVE-2020-5412
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...
Design/Logic Flaw
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...
CVE-2020-5412
Spring Cloud Netflix is affected in versions 2.2.x < 2.2.4 and 2.1.x