750 matches found

GithubExploit
added 2025/08/08 8:40 a.m. | 108 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 Spring Cloud Gateway Vulnerability Demonstratio...

CVSS 10 | AI score 8 | EPSS 0.98253
Exploits: 54

Spring Security Advisories
added 2025/08/05 12:00 a.m. | 5 views

This Week in Spring - August 5th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's August 5th! Which means we're only 20 days away until SpringOne 2025! Have you registered? There's so much to cover this week, so let's dive right into it! Spring Shell 3.4.1 is out! - the new release includes a number o...

AI score 7.2
Exploits: 0

Spring Security Advisories
added 2025/07/15 12:00 a.m. | 7 views

This Week in Spring - July 15th, 2025

Hi, Spring fans! It's already the 15th of July! We're closer to 2026 than we are to 2024. And time's sure flying. Like I will, tomorrow. I'll be flying to Denver for the amazing UBERCONF software show! I'll be doing a workshop and two talks, and if you're there, I hope you'll come say "hi"! Let's...

AI score 7.2
Exploits: 0

Spring Security Advisories
added 2025/07/01 12:00 a.m. | 7 views

This Week in Spring - July 1st, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's July!! This week, I'm on PTO, and as always, I'm looking for good reading material on the plane ride over for my holiday. Thank goodness for the ever-vibrant and awesome Spring community; there's tons of stuff to dive...

AI score 7.2
Exploits: 0

Veracode
added 2025/06/03 4:51 a.m. | 7 views

Spoofing Attack

org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Spoofing Attack. The vulnerability is due to insufficient validation of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to spoof client IP addresses...

CVSS 8.6 | AI score 6.6 | EPSS 0.00276
Exploits: 0 | References: 3 | Affected Software: 2

Spring Security Advisories
added 2025/06/03 12:00 a.m. | 7 views

This Week in Spring - June 3rd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I just finished recording my session with IntelliJ IDEA project lead Aleksey Stukalov about all the amazing features coming to IntelliJ IDEA to better support Java, Kotlin, and Spring developers. It went off without a hitch...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

RedhatCVE
added 2025/06/01 6:35 a.m. | 5 views

CVE-2025-41235

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6 | AI score 6.9 | EPSS 0.00276
Exploits: 0 | References: 1

Snyk
added 2025/05/30 6:43 a.m. | 1 view

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...

CVSS 8.6 | AI score 6.9 | EPSS 0.00276
Exploits: 0 | References: 2

vulnersOsv
added 2025/05/30 6:43 a.m. | 8 views

cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE), cn.bctools:jvs-gateway (=1.1.0) +59 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=3.0.0 <=3.1.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =3.0.0, =1.0.0.RELEASE, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.0.0.Beta9, =1.1.0, =0.3.3, =1.1.1, =1.0.1, =1.0.4, =1.0.5 and more Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265481...

CVSS 8.6 | AI score 7.5 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m. | 6 views

ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +43 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265481...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m. | 7 views

com.codbex.phoebe:codbex-phoebe-application (>=0.2.0 <=2.44.0), org.springframework.cloud:spring-cloud-gateway-docs (>=4.2.1 <=4.2.2) +1 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.2.0 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.2.0, =0.2.0, =4.2.1, =4.2.0, =4.2.2 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m. | 9 views

org.springframework.cloud:spring-cloud-gateway-docs (>=4.1.3 <=4.1.7), org.springframework.cloud:spring-cloud-starter-gateway-mvc (>=4.1.0 <=4.1.7) potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.0, =4.1.3, =4.1.0, =4.1.7 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:43 a.m. | 9 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +82 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =1.0.0, =1.0.0, =2023.4.1.0, =3.0.0.1, =15.0-RELEASE, =1.0.0, =0.1.0, =4.0.5, =0.9.0, =0.9.0, =1.3.0, =0.9.0, =0.12.8 and more Source cves: CVE-2025-41235 Source advisory:...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

Github Security Blog
added 2025/05/30 6:30 a.m. | 13 views

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6 | AI score 7.1 | EPSS 0.00276
Exploits: 0 | References: 3 | Affected Software: 2

vulnersOsv
added 2025/05/30 6:30 a.m. | 7 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +64 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.1.0, =0.2.0, =1.0.0, =1.0.0, =2024.1.0.0, =3.0.0.1, =15.0-RELEASE, =1.1.0, =4.2.3, =1.3.0, =0.10.2, =1.5.1, =1.6.0 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m. | 6 views

cn.iosd:simple-starter-gateway (>=2023.4.1.0 <=2023.5.2.0), com.astercasc:aster-yuno-index-gateway (>=1.0.0 <=1.0.19) +44 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.0.9)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =2023.4.1.0, =1.0.0, =0.1.0, =0.9.0, =0.9.0, =0.9.0, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.10-2022.0.x and more Source cves: CVE-2025-412...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m. | 3 views

cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +95 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.6.RELEASE <=3.1.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.6.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 - cn.sunxiansheng:common-cloud-gateway-starter =1.0.0 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6 | AI score 7.5 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m. | 6 views

com.codbex.phoebe:codbex-phoebe-application (>=0.2.0 <=2.44.0), org.springframework.cloud:httpclient (=4.1.9) +2 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.7 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.7, =0.2.0, =4.1.7, =4.1.7, =4.2.2 Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

vulnersOsv
added 2025/05/30 6:30 a.m. | 12 views

ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +43 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVSS 8.6 | AI score 7.2 | EPSS 0.00276
Exploits: 0

NVD
added 2025/05/30 6:15 a.m. | 25 views

CVE-2025-41235

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6 | EPSS 0.00276
Exploits: 0 | References: 1