750 matches found
CVE-2025-41235
CVE-2025-41235 concerns Spring Cloud Gateway Server and is linked to an HTTP header handling flaw: it forwards X-Forwarded-For and Forwarded headers from untrusted proxies, enabling potential HTTP request/response smuggling (CWE-444). The vulnerability is associated with the gateway’s header proc...
CVE-2025-41235 CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...
CVE-2025-41235 CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...
Broadcom Spring Cloud Gateway Server 环境问题漏洞
Broadcom Spring Cloud Gateway Server is a managed service and API gateway for the VMware Tanzu Platform for Cloud Foundry from Broadcom, Inc. A security vulnerability exists in Broadcom Spring Cloud Gateway Server that originates from forwarding X-Forwarded-For and Forwarded headers from untruste...
PT-2025-23253 · Spring · Spring Cloud Gateway Server
Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway Server affected versions not specified Description: The issue concerns the forwarding of X-Forwarded-For and Forwarded headers from untrusted proxies by the Spring Cloud Gateway Server. This behavior can potentially lead ...
CVE-2022-22979
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
CVE-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...
CVE-2022-22946
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates...
CVE-2021-22051
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...
CVE-2025-4328
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
CVE-2025-4328
CVE-2025-4328 affects the Spring Cloud Base project (component: HTTP Header Handler), specifically the function sendBack in MvcController.java. The vulnerability arises from improper handling of the Referer parameter, enabling an open redirect. Impact is described as remote exploitation with the ...
spring-cloud-base 安全漏洞
spring-cloud-base is an application by fp2952 individual developer. A security vulnerability exists in spring-cloud-base, which originates in the component HTTP Header Handler in the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/...
This Week in Spring - May 6th, 2025
Hi, Spring fans! As I write this, I'm winging my way to lovely London, UK, for the amazing Devoxx UK event! I'll be looking at the wide and wonderful world of Springdom. Then, from there, it's off to Code Remix in Miami. I'll also be speaking at the Tampa JUG while I'm there, so look out! After...
PT-2025-19924 · Unknown · Spring-Cloud-Base
Name of the Vulnerable Software and Affected Versions: spring-cloud-base versions up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa Description: A problem has been declared in the function sendBack of the file...
PT-2025-36574
Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway Server Webflux affected versions not specified Description Spring Cloud Gateway Server Webflux may allow an attacker to modify Spring Environment properties. This is possible when the Spring Boot actuator is a dependency,...
CVE-2025-22232
Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: You have Spring Vault on the classpath of your Spring Cloud Config Server and You are using the...
CVE-2025-22232
Summary: CVE-2025-22232 affects Spring Cloud Config Server when used with Vault and X-CONFIG-TOKEN. The issue arises because the default SessionManager (LifecycleAwareSessionManager or similar) persists the first Vault token it retrieves and continues using it, even if clients send a different to...