Spring by VMware Spring Cloud Config vulnerabilities
2 known vulnerabilities affecting spring_by_vmware/spring_cloud_config.
Total CVEs: 2
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2020-5410 [HIGH] CVSS 7.5, CWE-23, KEV, PoC; versions ≥ 2.1, < 2.1.9 and ≥ 2.2, < 2.2.3; 2020-06-02
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Sources: cvelistv5, nvd
CVE-2020-5405 [MEDIUM] CVSS 6.5, CWE-23, PoC; versions ≥ 2.2, < 2.2.2 and ≥ 2.1, < 2.1.7; 2020-03-05
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Sources: cvelistv5, nvd