2 matches found
CVE-2022-22947
CVE-2022-22947 affects Spring Cloud Gateway when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker can craft a request to the Actuator interface and cause arbitrary remote code execution on the host due to a code-injection vulnerability in the gateway routing/Act...
CVE-2021-22051
Spring Cloud Gateway is affected by CVE-2021-22051, where specially crafted requests could trigger an additional downstream request. The issue affects 3.0.x and 2.2.x releases; mitigation specifies upgrading to 3.0.5+ or 2.2.10.RELEASE+ (for affected versions). Remediation guidance explicitly rec...