VMware Spring Cloud Netflix vulnerabilities
2 known vulnerabilities affecting vmware/spring_cloud_netflix.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2021-22053 | P1 | HIGH | CVSS 8.8 | Exploited | PoC | ≥ 2.2.0, < 2.2.10 | Spring Cloud Netflix versions 2.2.x prior to 2.2.10.Release + and old unsupported versions | 2021-11-19
CVE-2021-22053 [HIGH] CWE-94
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL
nvd
CVE-2020-5412 | P2 | MEDIUM | CVSS 6.5 | Exploited | PoC | fixed in 2.1.6 | ≥ 2.2.0, < 2.2.4 | 2020-08-07
CVE-2020-5412 [MEDIUM] CWE-441
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be expo
nvd