Description
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at the time of publication. There are no known workarounds.
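The general defence for this class of bug is to validate the destination before the HTTP client is called. The following is an added example, not code from Nepxion Discovery or from the advisory; the class name, the allowlist and the sample URLs are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class OutboundTargetCheck {
    // Assumption: host:port pairs the application may call, e.g. its registered service instances.
    private static final Set<String> ALLOWED = Set.of("10.0.0.12:8080", "10.0.0.13:8080");

    static boolean isAllowed(String rawUrl) {
        URI uri;
        try {
            uri = URI.create(rawUrl);
        } catch (IllegalArgumentException e) {
            return false; // unparseable input is never fetched
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || uri.getUserInfo() != null) {
            return false; // relative URLs and "user@host" authority confusion
        }
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return false; // no file:, ftp:, jar: and similar schemes
        }
        int port = uri.getPort() != -1 ? uri.getPort() : (scheme.equalsIgnoreCase("https") ? 443 : 80);
        if (!ALLOWED.contains(host.toLowerCase(Locale.ROOT) + ":" + port)) {
            return false;
        }
        try {
            // Defence in depth: reject names that resolve to loopback, link-local or wildcard addresses.
            for (InetAddress a : InetAddress.getAllByName(host)) {
                if (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isAnyLocalAddress()) return false;
            }
        } catch (UnknownHostException e) {
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one registered instance and three values that must be refused.
        List<String> samples = List.of("http://10.0.0.12:8080/status", "http://169.254.169.254/latest/",
                "http://10.0.0.12:8080@127.0.0.1/", "file:///etc/hostname");
        for (String s : samples) System.out.println(isAllowed(s) + "  " + s);
    }
}
```

A check like this only covers the URL that is passed in: the HTTP client should also be configured not to follow redirects, since a redirect from an allowed host can lead to a disallowed one.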
Remediation
References
https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/