750 matches found
Spring Cloud Gateway Code Injection Vulnerability
Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host...
GHSA-878W-7GXP-MC63 SQL Injection in Spring Cloud Task
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...
SQL Injection in Spring Cloud Task
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...
VulnCheck KEV: CVE-2020-5410
Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
A remote code execution vulnerability exists in VMware Spring Cloud Netflix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products: VMware Horizon, VMware vCenter Server, VMware HCX, VMware NSX-T Data Center, VMware Unified Access Gateway, VMware WorkspaceOne Access, VMware Identity Manager, VMware vRealize Operations, VMware vRealize Operations Cloud Cloud Proxy, VMware vRealize Automation, VMware vRealize...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products: VMware Horizon, VMware vCenter Server, VMware HCX, VMware NSX-T Data Center, VMware Unified Access Gateway, VMware WorkspaceOne Access, VMware Identity Manager, VMware vRealize Operations, VMware vRealize Operations Cloud Cloud Proxy, VMware vRealize Automation, VMware vRealize...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products Under Evaluation: VMware Horizon, VMware vCenter Server, VMware HCX, VMware NSX-T Data Center, VMware Unified Access Gateway, VMware WorkspaceOne Access, VMware Identity Manager, VMware vRealize Operations, VMware vRealize Operations Cloud Proxy, VMware vRealize Automation, VMware...
Remote Code Execution (RCE)
spring-cloud-netflix-hystrix-dashboard is vulnerable to remote code execution. Lack of secure validation of request URI path allows an attacker to send a malicious request at /hystrix/monitor;user-provided data, causing execution of malicious code because path elements following hystrix/monitor ar...
GHSA-GX3F-HQ7P-8FXV Code injection in spring-cloud-netflix-hystrix-dashboard
Applications using the spring-cloud-netflix-hystrix-dashboard expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following hystrix/monitor are being evaluated ...
cn.iisme.cloud:iisme-demos-nacos-web (=1.0.1), cn.iisme:iisme-demos-nacos-web (=1.0.0) +26 more potentially affected by CVE-2021-22053 via org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (>=1.0.0.RELEASE <=2.2.0.RELEASE)
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard MAVEN version =1.0.0.RELEASE, =3.0.0, =1.1.0, =1.1.0, =1.0, =1.0, =1.0.4, =1.0.1, =1.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2021-22053 Source advisory: OSV:GHSA-GX3F-HQ7P-8FXV...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
Design/Logic Flaw
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22053
CVE-2021-22053 affects Spring Cloud Netflix Hystrix Dashboard prior to 2.2.10 when used with spring-boot-starter-thymeleaf. The vulnerability arises because request URI path data is evaluated as SpringEL expressions during view template resolution (example: /hystrix/monitor;[data]), enabling remo...
VMware Spring Cloud Netflix Code Injection Vulnerability
VMware Spring Cloud Netflix is a service from VMware, Inc. It provides Netflix OSS integration for Spring Boot applications by automatically configuring and binding to the Spring Environment and other Spring programming model idioms. A security vulnerability exists in VMware Spring Cloud...
Request injection in Spring Cloud Gateway
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...
GHSA-2R2V-Q399-QQ93 Request injection in Spring Cloud Gateway
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...
CVE-2021-22051
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...
CVE-2021-22051
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...