
22 matches found

RedhatCVE
added 2026/01/09 11:20 a.m. (1 view)

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3 CVSS, 6.9 AI score, 0.00219 EPSS
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m. (1 view)

EUVD-2021-1208

Malware in sbrugna...

5.3 CVSS, 5.5 AI score, 0.00219 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2018-4517

Malware in sbrugna...

9.8 CVSS, 9.5 AI score, 0.00426 EPSS
Exploits 0, References 5

Github Security Blog
added 2021/05/10 3:18 p.m. (60 views)

Incorrect Authorization in Spring Cloud Netflix Zuul

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3 CVSS, 2.4 AI score, 0.00219 EPSS
Exploits 0, References 4, Affected Software 1

vulnersOsv
added 2021/05/10 3:18 p.m. (2 views)

cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.microservices:cloud-altemistafwk-core-microservices-gateway-conf (=3.1.0.RELEASE) +78 more potentially affected by CVE-2021-22113 via org.springframework.cloud:spring-cloud-netflix-zuul (>=2.0.0.RELEASE <=2.2.6.RELEASE)

org.springframework.cloud:spring-cloud-netflix-zuul MAVEN version =2.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =D.0.1.0-Beta-3 and more
Source cves: CVE-2021-22113
Source advisory: OSV:GHSA-VWPG-F6GW-RJVF https://vulners.com/osv/OSV:GHSA-VWPG-F6GW-RJVF...

5.3 CVSS, 6.4 AI score, 0.00219 EPSS
Exploits 0

Github Security Blog
added 2021/03/09 6:49 p.m. (131 views)

Possible request smuggling in HTTP/2 due missing validation

Impact If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the...

5.9 CVSS, 0.2 AI score, 0.00377 EPSS
Exploits 0, References 93, Affected Software 3

NVD
added 2021/02/23 5:15 p.m. (11 views)

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3 CVSS, 0.00219 EPSS
Exploits 0, References 1

OSV
added 2021/02/23 5:15 p.m. (0 views)

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3 CVSS, 6 AI score, 0.00219 EPSS
Exploits 0, References 1

Prion
added 2021/02/23 5:15 p.m. (15 views)

Design/Logic Flaw

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

4.3 CVSS, 5.2 AI score, 0.00219 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/02/23 4:4 p.m. (10 views)

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.5 AI score, 0.00219 EPSS
Exploits 0, References 1

CVE
added 2021/02/23 4:4 p.m. (65 views)

CVE-2021-22113

The CVE-2021-22113 entry concerns Spring Cloud Netflix Zuul 2.2.6.RELEASE and earlier, where the Sensitive Headers functionality can be bypassed by specially constructed URLs. The Red Hat and GN documents corroborate that Zuul’s handling of sensitive headers is vulnerable, potentially allowing an...

5.3 CVSS, 5.2 AI score, 0.00219 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2021/02/23 12:0 a.m. (2 views)

Vmware Spring Cloud Security Vulnerability

Vmware Spring Cloud Config is a set of configuration management solutions for distributed systems from Vmware. The product focuses on providing server and client support for external configuration in distributed systems. Spring Cloud Netflix Zuul 2.2.6.RELEASE A security vulnerability exists in t...

5.3 CVSS, 6.4 AI score, 0.00219 EPSS
Exploits 0, References 2

Openbugbounty
added 2018/06/30 2:3 p.m. (59 views)

zuul-status.nemebean.com XSS vulnerability

Open Bug Bounty ID: OBB-638921

| Description | Value |
|---|---|
| Affected Website: | zuul-status.nemebean.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

Exploits 0

CNVD
added 2018/06/21 12:0 a.m. (1 view)

Zuul Information Disclosure Vulnerability

Zuul is a gateway service that provides dynamic routing, monitoring and security. A security vulnerability exists in version 3.x of Zuul prior to 3.1.0. An attacker could exploit the vulnerability to disclose credentials or other sensitive information...

9.8 CVSS, 9.3 AI score, 0.00426 EPSS
Exploits 0, References 1

Veracode
added 2018/06/20 1:37 a.m. (13 views)

Information Disclosure

zuul is vulnerable to information disclosure. This is possible because the no-log attribute of a task is not properly handled when the nodes are offline during the build. Therefore, an unreachable error in a task with a loop variable ex: withitems could expose the contents of the loop items on th...

9.8 CVSS, 8.6 AI score, 0.00426 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2018/06/19 5:29 a.m. (6 views)

CVE-2018-12557

An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the nolog attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable e.g., withitems, the contents of the loop items would be printed in the console. This could...

9.8 CVSS, 9.3 AI score, 0.00426 EPSS
Exploits 0, References 3

Prion
added 2018/06/19 5:29 a.m. (9 views)

Code injection

An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the nolog attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable e.g., withitems, the contents of the loop items would be printed in the console. This could...

5 CVSS, 9.2 AI score, 0.00426 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2018/06/19 5:29 a.m. (1 view)

CVE-2018-12557

An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the nolog attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable e.g., withitems, the contents of the loop items would be printed in the console. This could...

9.8 CVSS, 5.6 AI score
Exploits 0, References 3

Cvelist
added 2018/06/19 5:0 a.m. (10 views)

CVE-2018-12557

An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the nolog attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable e.g., withitems, the contents of the loop items would be printed in the console. This could...

9.3 AI score, 0.00426 EPSS
Exploits 0, References 3

CVE
added 2018/06/19 5:0 a.m. (37 views)

CVE-2018-12557

CVE-2018-12557 affects Zuul 3.x prior to 3.1.0. If nodes go offline during a build, the task's no_log setting is ignored; if an unreachable error occurs in a task using a loop variable (e.g., with_items), the contents of the loop items may be printed to the console, potentially leaking credential...

9.8 CVSS, 9.2 AI score, 0.00426 EPSS
Exploits 0, References 3, Affected Software 1