Skip to main content

Spring Cloud Netflix

2 CVEs product

Monthly

CVE-2021-22053 Maven HIGH POC PATCH THREAT This Week

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Spring Cloud Netflix
NVD
CVSS 3.1
8.8
EPSS
13.0%
CVE-2020-5412 Maven MEDIUM POC PATCH THREAT This Month

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Cloud Netflix
NVD
CVSS 3.1
6.5
EPSS
10.2%
EPSS 13% CVSS 8.8
HIGH POC PATCH THREAT This Week

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java +1
NVD
EPSS 10% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Cloud Netflix
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy