Lucene search
K

750 matches found

Spring Security Advisories
Spring Security Advisories
added 2022/03/01 12:0 a.m.5 views

Spring Cloud Gateway Code Injection Vulnerability

Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host...

10CVSS7.8AI score0.98253EPSS
Exploits54References1
OSV
OSV
added 2022/02/09 10:16 p.m.32 views

GHSA-878W-7GXP-MC63 SQL Injection in Spring Cloud Task

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...

6CVSS6.3AI score0.00514EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/09 10:16 p.m.22 views

SQL Injection in Spring Cloud Task

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...

6.5CVSS6.8AI score0.00514EPSS
Exploits0References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2022/01/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-5410

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...

7.5CVSS6.9AI score0.95586EPSS
Exploits3References1
Check Point Advisories
Check Point Advisories
added 2021/12/27 12:0 a.m.13 views

VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)

A remote code execution vulnerability exists in VMware Spring Cloud Netflix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.7AI score0.12694EPSS
Exploits0
VMware
VMware
added 2021/12/10 12:0 a.m.153 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

9.3CVSS0.4AI score0.99999EPSS
Exploits353References4Affected Software55
VMware
VMware
added 2021/12/10 12:0 a.m.152 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

9.3CVSS0.4AI score0.99999EPSS
Exploits353References4Affected Software54
VMware
VMware
added 2021/12/10 12:0 a.m.62 views

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...

9.3CVSS0.4AI score0.99999EPSS
Exploits351References4Affected Software51
Veracode
Veracode
added 2021/11/24 1:18 p.m.29 views

Remote Code Execution (RCE)

spring-cloud-netflix-hystrix-dashboard is vulnerable to remote code execution. Lack of secure validation of request URI path allows an attacker to send a malicious request at /hystrix/monitor;user-provided data,causing execution of malicious code because path elements following hystrix/monitor ar...

8.8CVSS4.2AI score0.12694EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/11/23 5:53 p.m.120 views

GHSA-GX3F-HQ7P-8FXV Code injection in spring-cloud-netflix-hystrix-dashboard

Applications using the spring-cloud-netflix-hystrix-dashboard expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following hystrix/monitor are being evaluated ...

7.6CVSS8.8AI score0.12694EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/11/23 5:53 p.m.3 views

cn.iisme.cloud:iisme-demos-nacos-web (=1.0.1), cn.iisme:iisme-demos-nacos-web (=1.0.0) +26 more potentially affected by CVE-2021-22053 via org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (>=1.0.0.RELEASE <=2.2.0.RELEASE)

org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard MAVEN version =1.0.0.RELEASE, =3.0.0, =1.1.0, =1.1.0, =1.0, =1.0, =1.0.4, =1.0.1, =1.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2021-22053 Source advisory: OSV:GHSA-GX3F-HQ7P-8FXV...

8.8CVSS7.1AI score0.12694EPSS
Exploits0
OSV
OSV
added 2021/11/19 4:15 p.m.40 views

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

8.8CVSS7.3AI score0.12694EPSS
Exploits0References1
Prion
Prion
added 2021/11/19 4:15 p.m.15 views

Design/Logic Flaw

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

6.5CVSS8.8AI score0.12694EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/19 3:56 p.m.50 views

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

9.2AI score0.12694EPSS
Exploits0References1
CVE
CVE
added 2021/11/19 3:56 p.m.144 views

CVE-2021-22053

CVE-2021-22053 affects Spring Cloud Netflix Hystrix Dashboard prior to 2.2.10 when used with spring-boot-starter-thymeleaf. The vulnerability arises because request URI path data is evaluated as SpringEL expressions during view template resolution (example: /hystrix/monitor;[data]), enabling remo...

8.8CVSS8.8AI score0.12694EPSS
In wildExploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.21 views

VMware Spring Cloud Netflix 代码注入漏洞

Vmware VMware Spring Cloud Netflix is a service from Vmware, Inc. It provides Netflix OSS integration for Spring Boot applications by automatically configuring and binding to the Spring Environment and other Spring programming model idioms. A security vulnerability exists in VMware Spring Cloud...

8.8CVSS7.8AI score0.12694EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/11/10 7:45 p.m.34 views

Request injection in Spring Cloud Gateway

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

6.5CVSS3.8AI score0.00668EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/11/10 7:45 p.m.23 views

GHSA-2R2V-Q399-QQ93 Request injection in Spring Cloud Gateway

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

6.5CVSS6.6AI score0.00668EPSS
Exploits0References2
NVD
NVD
added 2021/11/08 2:15 p.m.17 views

CVE-2021-22051

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

6.5CVSS0.00668EPSS
Exploits0References1
OSV
OSV
added 2021/11/08 2:15 p.m.29 views

CVE-2021-22051

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

6.5CVSS6.8AI score0.00668EPSS
Exploits0References1
Rows per page
Query Builder