Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-VWPG-F6GW-RJVF
HistoryMay 10, 2021 - 3:18 p.m.

Incorrect Authorization in Spring Cloud Netflix Zuul

2021-05-1015:18:50
Google
osv.dev
12
incorrect authorization
sensitive headers
spring security
bypassing
vulnerability
requests

EPSS

0.001

Percentile

35.9%

JSON

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security’s StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

Related

prion 1
nvd 1
github 1
veracode 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2021-02-23 17:15:00
nvd
nvd
CVE-2021-22113
2021-02-23 17:15:13
github
github
Incorrect Authorization in Spring Cloud Netflix Zuul
2021-05-10 15:18:50
veracode
veracode
Authorization Bypass
2021-02-15 06:52:20
cvelist
cvelist
CVE-2021-22113
2021-02-23 16:04:45
cve
cve
CVE-2021-22113
2021-02-23 17:15:13

EPSS

0.001

Percentile

35.9%

JSON
Related for OSV:GHSA-VWPG-F6GW-RJVF
prion1nvd1github1veracode1cvelist1cve1