CVE-2025-41235
- EPSS 0.07%
- Published 30.05.2025 05:57:16
- Last modified 30.05.2025 16:31:03
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
CVE-2022-22946
- EPSS 0.98%
- Published 04.03.2022 16:15:10
- Last modified 21.11.2024 06:47:39
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote ...
- EPSS 94.46%
- Published 03.03.2022 22:15:08
- Last modified 13.03.2025 15:40:47
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that...
CVE-2021-22051
- EPSS 0.18%
- Published 08.11.2021 14:15:07
- Last modified 21.11.2024 05:49:30
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2...