CVE-2021-22051
First published: Mon Nov 08 2021(Updated: )
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Spring Cloud Gateway | <2.2.10 | |
| VMware Spring Cloud Gateway | >=3.0.0<3.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22051?
CVE-2021-22051 is a vulnerability in Applications using Spring Cloud Gateway that allows for specifically crafted requests to make an extra request on downstream services.
What is the severity of CVE-2021-22051?
CVE-2021-22051 has a severity rating of 6.5, which is considered medium.
Which versions of Spring Cloud Gateway are affected by CVE-2021-22051?
Versions up to and including 2.2.10.RELEASE and versions between 3.0.0 and 3.0.5 of Spring Cloud Gateway are affected by CVE-2021-22051.
How can I mitigate the vulnerability?
To mitigate CVE-2021-22051, users of Spring Cloud Gateway should upgrade to version 3.0.5+ if using 3.0.x, and upgrade to version 2.2.10.RELEASE or newer if using 2.2.x.
Where can I find more information about CVE-2021-22051?
More information about CVE-2021-22051 can be found at the following reference: https://tanzu.vmware.com/security/cve-2021-22051
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware spring cloud gateway
- version/vmware spring cloud gateway/3.0.0