Vmware: >> Spring Cloud Gateway >> 3.0.1 Security Vulnerabilities
CVE-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Known exploited
CVSS Score
10.0
EPSS Score
0.945
Published
2022-03-03
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-11-08