← Back

Spring Cloud Netflix Zuul

spring_cloud_netflix_zuul

Vendor: Vmware • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-22113
1Vmware
1Spring Cloud Netflix Zuul
Nov 21, 2024
Feb 23, 2021
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially cons...Show more
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.Show less