spring-cloud-netflix-hystrix-dashboard is vulnerable to remote code execution. Lack of secure validation of request URI path allows an attacker to send a malicious request at /hystrix/monitor;[user-provided data]
,causing execution of malicious code because path elements following hystrix/monitor
are being evaluated as SpringEL expressions in application which used spring-cloud-netflix-hystrix-dashboard
and spring-boot-starter-thymeleaf
.