CVE-2025-41235
- EPSS 0.07%
- Published 30.05.2025 05:57:16
- Last modified 30.05.2025 16:31:03
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
CVE-2022-22946
- EPSS 0.98%
- Published 04.03.2022 16:15:10
- Last modified 21.11.2024 06:47:39
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote ...
- EPSS 94.46%
- Published 03.03.2022 22:15:08
- Last modified 13.03.2025 15:40:47
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that...
CVE-2021-22051
- EPSS 0.18%
- Published 08.11.2021 14:15:07
- Last modified 21.11.2024 05:49:30
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2...