750 matches found
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 Spring Cloud Gateway Vulnerability Demonstratio...
This Week in Spring - August 5th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's August 5th! Which means we're only 20 days away until SpringOne 2025! Have you registered? There's so much to cover this week, so let's dive right into it! Spring Shell 3.4.1 is out! - the new release includes a number o...
This Week in Spring - July 15th, 2025
Hi, Spring fans! It's already the 15th of July! We're closer to 2026 than we are to 2024. And time's sure flying. Like I will, tomorrow. I'll be flying to Denver for the amazing UBERCONF software show! I'll be doing a workshop and two talks, and if you're there, I hope you'll come say "hi"! Let's...
This Week in Spring - July 1st, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's July!! This week, I'm on PTO, and as always, I'm looking for good reading material on the plane ride over for my holiday. Thank goodness for the ever-vibrant and awesome Spring community; there's tons of stuff to dive...
Spoofing Attack
org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Spoofing Attack. The vulnerability is due to insufficient validation of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to spoof client IP addresses...
This Week in Spring - June 3rd, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I just finished recording my session with IntelliJ IDEA project lead Aleksey Stukalov about all the amazing features coming to IntelliJ IDEA to better support Java, Kotlin, and Spring developers. It went off without a hitch...
CVE-2025-41235
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...
cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE), cn.bctools:jvs-gateway (=1.1.0) +59 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=3.0.0 <=3.1.1)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =3.0.0, =1.0.0.RELEASE, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.0.0.Beta9, =1.1.0, =0.3.3, =1.1.1, =1.0.1, =1.0.4, =1.0.5 and more Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265481...
ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +43 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.2)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265481...
com.codbex.phoebe:codbex-phoebe-application (>=0.2.0 <=2.44.0), org.springframework.cloud:spring-cloud-gateway-docs (>=4.2.1 <=4.2.2) +1 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.2.0 <=4.2.2)
org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.2.0, =0.2.0, =4.2.1, =4.2.0, =4.2.2 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...
org.springframework.cloud:spring-cloud-gateway-docs (>=4.1.3 <=4.1.7), org.springframework.cloud:spring-cloud-starter-gateway-mvc (>=4.1.0 <=4.1.7) potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.0 <=4.1.7)
org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.0, =4.1.3, =4.1.0, =4.1.7 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +82 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.1.7)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =1.0.0, =1.0.0, =2023.4.1.0, =3.0.0.1, =15.0-RELEASE, =1.0.0, =0.1.0, =4.0.5, =0.9.0, =0.9.0, =1.3.0, =0.9.0, =0.12.8 and more Source cves: CVE-2025-41235 Source advisory:...
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +64 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.1.0 <=4.1.7)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.1.0, =0.2.0, =1.0.0, =1.0.0, =2024.1.0.0, =3.0.0.1, =15.0-RELEASE, =1.1.0, =4.2.3, =1.3.0, =0.10.2, =1.5.1, =1.6.0 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...
cn.iosd:simple-starter-gateway (>=2023.4.1.0 <=2023.5.2.0), com.astercasc:aster-yuno-index-gateway (>=1.0.0 <=1.0.19) +44 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.0.9)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =2023.4.1.0, =1.0.0, =0.1.0, =0.9.0, =0.9.0, =0.9.0, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.0-2022.0.x, =1.11.10-2022.0.x and more Source cves: CVE-2025-412...
cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +95 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.6.RELEASE <=3.1.1)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.6.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 - cn.sunxiansheng:common-cloud-gateway-starter =1.0.0 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...
com.codbex.phoebe:codbex-phoebe-application (>=0.2.0 <=2.44.0), org.springframework.cloud:httpclient (=4.1.9) +2 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.7 <=4.2.2)
org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.7, =0.2.0, =4.1.7, =4.1.7, =4.2.2 Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...
ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +43 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.2)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...
CVE-2025-41235
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...