Lucene search
K

750 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.4 views

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

7.5CVSS6.9AI score0.01065EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.14 views

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3CVSS6.9AI score0.00819EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2025/12/30 12:0 a.m.7 views

This Year in Spring – December 30th, 2025

Hi, Spring fans! Can you believe it? It's already the 30th of December! I celebrated Christmas with my family in Los Angeles, then we jumped on a flight headed for Southeast Asia to ring in the New Year with more friends and family. I'm sitting at a café in the sweltering city of Kuala Lumpur,...

7.1AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/12/23 12:0 a.m.10 views

This Week in Spring – December 23rd, 2025

Happy holidays, everyone! The year may be winding down, but the Spring ecosystem continues unabated. We’re now a few weeks past the generational Spring Boot 4.0 release in November, and there have been tons of releases and patches since then. There’s also equal excitement reflected in posts from...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/12/16 12:0 a.m.8 views

This Week in Spring – December 16th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it’s been! We’ve got around nine shopping days ’til Christmas, and the New Year is almost here! Things are moving so quickly and the Spring community is no exception! Let's dive into this week's wonderful...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/24 4:24 p.m.5 views

@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-cloud-stream-template (=0.13.4)

@asyncapi/java-spring-cloud-stream-template NPM version =0.13.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-cloud-stream-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/11/24 2:12 p.m.5 views

EUVD-2025-198738

Malicious code in @asyncapi/java-spring-cloud-stream-template npm...

6.6AI score
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2025/11/18 12:0 a.m.6 views

This Week in Spring - November 18th, 2025

This Week in Spring - November 18th, 2025 Hi, Spring fans! I'm thrilled to be in New York City for an exciting week of joint presentations on Spring AI + Bedrock and Spring Boot with the legendary James Ward. First up: we'll present a workshop at the AI Native Dev Conf today, then speak at the...

6.9AI score
Exploits0
Veracode
Veracode
added 2025/10/24 1:13 p.m.7 views

Expression Language Injection

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection. The vulnerability is due to unsafe SpEL evaluation in routes due to the actuator gateway endpoint being exposed and accessible to untrusted users; attackers can create routes that use SpEL to read environment...

7.5CVSS6.6AI score0.00435EPSS
Exploits0References5Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2025/10/22 12:0 a.m.7 views

New Home for Spring Integration AWS

The Spring Integration for AWS was always an independent Spring Integration extension project with its own plans and release cycles. The consumption of this single jar library has always added a complexity from the dependency management perspective. It depends not only on Spring Integration modul...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/17 4:55 p.m.4 views

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS6.8AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 3:30 p.m.3 views

EUVD-2025-34761

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection...

7.5CVSS6.7AI score0.00435EPSS
Exploits0References5
OSV
OSV
added 2025/10/16 3:30 p.m.4 views

GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS5.9AI score0.00435EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/10/16 3:30 p.m.6 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +91 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.1.9)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =1.0.0, =1.0.0, =2023.4.1.0, =1.0.5, =1.0.4, =3.0.0.1, =15.0-RELEASE, =1.0.0, =0.1.0, =4.0.5, =0.9.0, =0.9.0, =0.11.0 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

7.5CVSS7.2AI score0.00435EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/16 3:30 p.m.3 views

cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +96 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.6.RELEASE <=3.1.10)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.6.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 - cn.sunxiansheng:common-cloud-gateway-starter =1.0.0 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

7.5CVSS7.4AI score0.00435EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/16 3:30 p.m.6 views

ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +37 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.3.0 <=4.3.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =1.8.9, =0.12.1, =0.12.1, =0.12.10, =3.10.0, =3.11.0 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

7.5CVSS7.4AI score0.00435EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/16 3:30 p.m.7 views

ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +45 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.5)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =1.6.0, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

7.5CVSS7.2AI score0.00435EPSS
Exploits0
NVD
NVD
added 2025/10/16 3:15 p.m.8 views

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS0.00435EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/16 2:25 p.m.11 views

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS0.00435EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/16 2:25 p.m.3 views

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS6.4AI score0.00435EPSS
Exploits0References2
Rows per page
Query Builder