CVE
added 2025/05/30 5:57 a.m., 90 views

CVE-2025-41235

CVE-2025-41235 concerns Spring Cloud Gateway Server and is linked to an HTTP header handling flaw: it forwards X-Forwarded-For and Forwarded headers from untrusted proxies, enabling potential HTTP request/response smuggling (CWE-444). The vulnerability is associated with the gateway’s header proc...

CVSS 8.6 · AI score 7.2 · EPSS 0.00276
Exploits: 0 · References: 1
Cvelist
added 2025/05/30 5:57 a.m., 76 views

CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6 · EPSS 0.00276
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/30 5:57 a.m., 5 views

CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

CVSS 8.6 · AI score 8.6 · EPSS 0.00276
Exploits: 0 · References: 1
CNNVD
added 2025/05/30 12:00 a.m., 2 views

Broadcom Spring Cloud Gateway Server environment issue vulnerability

Broadcom Spring Cloud Gateway Server is a managed service and API gateway for the VMware Tanzu Platform for Cloud Foundry from Broadcom, Inc. A security vulnerability exists in Broadcom Spring Cloud Gateway Server that originates from forwarding X-Forwarded-For and Forwarded headers from untruste...

CVSS 8.6 · AI score 8.3 · EPSS 0.00276
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/30 12:00 a.m., 7 views

PT-2025-23253 · Spring · Spring Cloud Gateway Server

Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway Server, affected versions not specified. Description: The issue concerns the forwarding of X-Forwarded-For and Forwarded headers from untrusted proxies by the Spring Cloud Gateway Server. This behavior can potentially lead ...

CVSS 8.6 · AI score 8.4 · EPSS 0.00276
Exploits: 0 · References: 10
RedhatCVE
added 2025/05/22 11:51 p.m., 10 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

CVSS 7.5 · AI score 6.6 · EPSS 0.0127
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 11:51 p.m., 11 views

CVE-2022-22947

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...

CVSS 10 · AI score 9.7 · EPSS 0.98253
Exploits: 54 · References: 1
RedhatCVE
added 2025/05/22 11:51 p.m., 6 views

CVE-2022-22946

In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 with no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates...

CVSS 5.5 · AI score 6.8 · EPSS 0.04732
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:13 p.m., 6 views

CVE-2021-22051

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

CVSS 6.5 · AI score 6.8 · EPSS 0.00668
Exploits: 0 · References: 1
vulnersOsv
added 2025/05/16 9:32 p.m., 13 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

CVSS 3.1 · AI score 6.6 · EPSS 0.00351
Exploits: 0
RedhatCVE
added 2025/05/08 7:11 a.m., 8 views

CVE-2025-4328

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...

CVSS 5.1 · AI score 6.9 · EPSS 0.00258
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/06 7:00 a.m., 7 views

CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...

CVSS 5.1 · AI score 4.1 · EPSS 0.00258
Exploits: 0 · References: 4
Cvelist
added 2025/05/06 7:00 a.m., 25 views

CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...

CVSS 5.1 · EPSS 0.00258
Exploits: 0 · References: 4
CVE
added 2025/05/06 7:00 a.m., 56 views

CVE-2025-4328

CVE-2025-4328 affects the Spring Cloud Base project (component: HTTP Header Handler), specifically the function sendBack in MvcController.java. The vulnerability arises from improper handling of the Referer parameter, enabling an open redirect. Impact is described as remote exploitation with the ...

CVSS 5.1 · AI score 4.1 · EPSS 0.00258
Exploits: 0 · References: 4
CNNVD
added 2025/05/06 12:00 a.m., 2 views

spring-cloud-base security vulnerability

spring-cloud-base is an application by the individual developer fp2952. A security vulnerability exists in spring-cloud-base, which originates in the component HTTP Header Handler in the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/...

CVSS 5.1 · AI score 4.8 · EPSS 0.00258
Exploits: 0 · References: 4
Spring Security Advisories
added 2025/05/06 12:00 a.m., 10 views

This Week in Spring - May 6th, 2025

Hi, Spring fans! As I write this, I'm winging my way to lovely London, UK, for the amazing Devoxx UK event! I'll be looking at the wide and wonderful world of Springdom. Then, from there, it's off to Code Remix in Miami. I'll also be speaking at the Tampa JUG while I'm there, so look out! After...

AI score 7.5
Exploits: 0
Positive Technologies
added 2025/05/06 12:00 a.m., 5 views

PT-2025-19924 · Unknown · Spring-Cloud-Base

Name of the Vulnerable Software and Affected Versions: spring-cloud-base, versions up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. Description: A problem has been declared in the function sendBack of the file...

CVSS 5.1 · AI score 3.7 · EPSS 0.00258
Exploits: 0 · References: 8
Positive Technologies
added 2025/04/16 12:00 a.m., 5 views

PT-2025-36574

Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway Server Webflux, affected versions not specified. Description: Spring Cloud Gateway Server Webflux may allow an attacker to modify Spring Environment properties. This is possible when the Spring Boot actuator is a dependency,...

CVSS 10 · AI score 6.3 · EPSS 0.03311
Exploits: 0 · References: 34
NVD
added 2025/04/10 6:15 p.m., 10 views

CVE-2025-22232

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: You have Spring Vault on the classpath of your Spring Cloud Config Server and You are using the...

CVSS 5.3 · EPSS 0.00254
Exploits: 0 · References: 1
CVE
added 2025/04/10 5:26 p.m., 64 views

CVE-2025-22232

Summary: CVE-2025-22232 affects Spring Cloud Config Server when used with Vault and X-CONFIG-TOKEN. The issue arises because the default SessionManager (LifecycleAwareSessionManager or similar) persists the first Vault token it retrieves and continues using it, even if clients send a different to...

CVSS 5.3 · AI score 5.2 · EPSS 0.00254
Exploits: 0 · References: 1