
750 matches found

Prion
added 2021/11/08 2:15 p.m., 21 views

Cross site request forgery (csrf)

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

CVSS: 4, AI score: 6.6, EPSS: 0.00668
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/11/08 1:37 p.m., 79 views

CVE-2021-22051

Spring Cloud Gateway is affected by CVE-2021-22051, where specially crafted requests could trigger an additional downstream request. The issue affects 3.0.x and 2.2.x releases; mitigation specifies upgrading to 3.0.5+ or 2.2.10.RELEASE+ (for affected versions). Remediation guidance explicitly rec...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00668
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/11/08 1:37 p.m., 19 views

CVE-2021-22051

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

AI score: 6.6, EPSS: 0.00668
Exploits: 0, References: 1

CNNVD
added 2021/11/08 12:0 a.m., 7 views

Spring Cloud Gateway Security Vulnerability

Spring Cloud Gateway provides a library for building API gateways on top of Spring WebFlux. A security vulnerability exists in Spring Cloud Gateway that stems from the vulnerability of applications using Spring Cloud Gateway to carefully crafted requests that may make additional requests to...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00668
Exploits: 0, References: 1

Spring Security Advisories
added 2021/11/04 12:0 a.m., 6 views

Spring Cloud Gateway Request Vulnerability

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00668
Exploits: 0, References: 1

OSV
added 2021/10/28 4:15 p.m., 5 views

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01065
Exploits: 0, References: 1

NVD
added 2021/10/28 4:15 p.m., 20 views

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVSS: 7.5, EPSS: 0.01065
Exploits: 0, References: 1

Prion
added 2021/10/28 4:15 p.m., 22 views

Design/Logic Flaw

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVSS: 5, AI score: 7.6, EPSS: 0.01065
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/10/28 3:20 p.m., 17 views

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

AI score: 7.7, EPSS: 0.01065
Exploits: 0, References: 1

CVE
added 2021/10/28 3:20 p.m., 89 views

CVE-2021-22044

The CVE-2021-22044 vulnerability affects Spring Cloud OpenFeign where applications using type-level @RequestMapping on Feign client interfaces may involuntarily expose endpoints corresponding to @RequestMapping-annotated methods. Affected versions include Spring Cloud OpenFeign 3.0.0–3.0.4 and 2....

CVSS: 7.5, AI score: 7.5, EPSS: 0.01065
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2021/10/28 12:0 a.m., 3 views

Spring Cloud OpenFeign Security Vulnerability

VMware Spring Cloud OpenFeign is an open source, declarative REST client for Spring Boot applications from VMware, USA. A security vulnerability exists in Spring Cloud OpenFeign, which stems from the use of type-level "@RequestMapping" annotations on the Feign client interface in RELEASE and...

CVSS: 7.5, AI score: 7.7, EPSS: 0.01065
Exploits: 0, References: 2

Positive Technologies
added 2021/10/28 12:0 a.m., 5 views

PT-2021-14845 · Spring · Spring Cloud Openfeign

Name of the Vulnerable Software and Affected Versions: Spring Cloud OpenFeign versions 2.2.0.RELEASE through 2.2.9.RELEASE Spring Cloud OpenFeign versions 3.0.0 through 3.0.4 Description: The issue affects applications using type-level @RequestMapping annotations over Feign client interfaces,...

CVSS: 7.5, AI score: 7.9, EPSS: 0.01065
Exploits: 0, References: 4

Positive Technologies
added 2021/10/10 12:0 a.m., 7 views

PT-2022-1950

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.47-alt1 through 2.4.57-alt2 Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ Description The Apache HTTP Server is affected by HTTP request splitting with mod rewrite and mod proxy CVE-2023-25690...

CVSS: 10, AI score: 7.7, EPSS: 0.99999
Exploits: 68, References: 88

Gitee
added 2021/10/09 4:9 p.m., 3 views

SpringBootVulExploit

This repository is an offensive tool for Spring Boot exploitation. It contains various modules and scripts that can be used to exploit vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can b...

AI score: 8.2
Exploits: 0

GitLab Advisory Database
added 2021/08/25 12:0 a.m., 16 views

Improper Control of Generation of Code ('Code Injection')

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. Arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to upda...

CVSS: 8.7, AI score: 4.5, EPSS: 0.00877
Exploits: 1, References: 3, Affected Software: 1

RedHat Linux
added 2021/08/11 6:21 p.m., 4 views

spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack

A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack...

CVSS: 7.5, AI score: 7.4, EPSS: 0.95586
Exploits: 3, References: 5

RedHat Linux
added 2021/08/11 6:21 p.m., 159 views

Moderate: Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update

A minor version update from 7.8 to 7.9 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

CVSS: 9.8, AI score: 7.1, EPSS: 0.9927
Exploits: 80, References: 45

NVD
added 2021/08/11 6:15 p.m., 10 views

CVE-2021-37694

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...

CVSS: 8.7, EPSS: 0.00877
Exploits: 1, References: 1

OSV
added 2021/08/11 6:15 p.m., 13 views

CVE-2021-37694

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...

CVSS: 7.8, AI score: 7.4
Exploits: 0, References: 1

Prion
added 2021/08/11 6:15 p.m., 19 views

Code injection

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...

CVSS: 6.8, AI score: 7.8, EPSS: 0.00877
Exploits: 1, References: 1, Affected Software: 1