CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.2%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 4.3

References

https://tanzu.vmware.com/security/cve-2021-22113
https://tanzu.vmware.com/security/cve-2021-22113

Products affected by CVE-2021-22113

Vmware » Spring Cloud Netflix Zuul » Version: 2.2.4

cpe:2.3:a:vmware:spring_cloud_netflix_zuul:2.2.4
Vmware » Spring Cloud Netflix Zuul » Version: 2.2.5

cpe:2.3:a:vmware:spring_cloud_netflix_zuul:2.2.5
Vmware » Spring Cloud Netflix Zuul » Version: 2.2.6

cpe:2.3:a:vmware:spring_cloud_netflix_zuul:2.2.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22113

Products

Pricing

Contact Us