Lucene search
PivotalCVELIST:CVE-2020-5412HistoryAug 07, 2020 - 8:45 p.m.
CVE-2020-5412 Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
2020-08-0720:45:13
CWE-441
pivotal
www.cve.org
2
EPSS
0.061
Percentile
93.7%
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
CNA Affected
[
{
"product": "Spring Cloud Netflix",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "2.2.4",
"status": "affected",
"version": "2.2",
"versionType": "custom"
},
{
"lessThan": "2.1.6",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
]References
Related
nuclei
nuclei
Spring Cloud Netflix - Server-Side Request Forgery
2020-09-01 13:24:39
nvd
nvd
CVE-2020-5412
2020-08-07 21:15:10
cve
cve
CVE-2020-5412
2020-08-07 21:15:10
osv
osv
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
2021-04-30 17:29:42
CVE-2020-5412
2020-08-07 21:15:10
veracode
veracode
Insecure Proxy
2021-05-03 04:18:04
prion
prion
Design/Logic Flaw
2020-08-07 21:15:00
github
github
ibm
ibm