CVE-2021-22051

CVE Database · CVE-2021-22051

CVE-2021-22051

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.67%

Published

Nov 8, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-863

Affected Products (2)

vmware · spring_cloud_gateway (up to 2.2.10)vulnerable

vmware · spring_cloud_gateway (up to 3.0.5)vulnerable

References (2)

https://tanzu.vmware.com/security/cve-2021-22051

Vendor Advisory

https://tanzu.vmware.com/security/cve-2021-22051

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs