Lucene search
Veracode Vulnerability DatabaseVERACODE:33087HistoryNov 24, 2021 - 1:18 p.m.
Remote Code Execution (RCE)
2021-11-2413:18:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
remote code execution
lack of validation
request uri
malicious request
springel expressions
spring cloud
thymeleaf
EPSS
0.628
Percentile
97.9%
spring-cloud-netflix-hystrix-dashboard is vulnerable to remote code execution. Lack of secure validation of request URI path allows an attacker to send a malicious request at /hystrix/monitor;[user-provided data],causing execution of malicious code because path elements following hystrix/monitor are being evaluated as SpringEL expressions in application which used spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf.
Related
githubexploit
githubexploit
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-22 18:26:16
Exploit for Code Injection in Vmware Spring Cloud Netflix
2021-11-21 08:47:56
osv
osv
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-23 17:53:33
CVE-2021-22053
2021-11-19 16:15:07
nvd
nvd
CVE-2021-22053
2021-11-19 16:15:07
github
github
Code injection in spring-cloud-netflix-hystrix-dashboard
2021-11-23 17:53:33
cvelist
cvelist
CVE-2021-22053
2021-11-19 15:56:11
nuclei
nuclei
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
2021-11-29 13:12:08
checkpoint_advisories
checkpoint_advisories
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
2021-12-27 00:00:00
prion
prion
Design/Logic Flaw
2021-11-19 16:15:00
cve
cve
CVE-2021-22053
2021-11-19 16:15:07
ibm
ibm