Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-22051 Vulnerability in maven package org.springframework.cloud:spring-cloud-gateway-server

Description

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.

Remediation

References

https://tanzu.vmware.com/security/cve-2021-22051

Related Vulnerabilities

CVE-2017-17068 Vulnerability in maven package org.webjars.npm:auth0-js

CVE-2023-37946 Vulnerability in maven package org.openshift.jenkins:openshift-login

CVE-2016-0712 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-portal

CVE-2021-36738 Vulnerability in maven package org.apache.portals.pluto.demo:applicant-mvcbean-cdi-jsp-portlet

CVE-2019-10420 Vulnerability in maven package org.jenkins-ci.plugins:assembla

Severity

High

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory