VMware Spring Cloud Gateway 2.0.0

CPE Details

VMware Spring Cloud Gateway 2.0.0
vmware
spring_cloud_gateway
2.0.0
2021-11-09
13h02 +00:00
2021-11-09
15h16 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:vmware:spring_cloud_gateway:2.0.0:-:*:*:*:*:*:*

Informations

Vendor

vmware

Product

spring_cloud_gateway

Version

2.0.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-22947 2022-03-03 00h00 +00:00 In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
10
Critique
CVE-2021-22051 2021-11-08 12h37 +00:00 Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
6.5
Moyen