Latest vmware spring cloud gateway Vulnerabilities

CVE-2022-22946
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager....
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Console=22.2.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
and 1 more
CVE-2022-22947
VMware Spring Cloud Gateway Code Injection Vulnerability
maven/org.springframework.cloud:spring-cloud-gateway>=3.1.0<3.1.1
maven/org.springframework.cloud:spring-cloud-gateway<3.0.7
VMware Spring Cloud Gateway
VMware Spring Cloud Gateway<3.0.7
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
and 13 more
CVE-2021-43797
### Impact Netty currently just skips control chars when these are present at the beginning / end of the header name. We should better fail fast as these are not allowed by the spec and could lead to...
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el7ea
redhat/candlepin<0:4.1.13-1.el7
redhat/candlepin<0:4.1.13-1.el8
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 60 more
CVE-2021-22051
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following m...
VMware Spring Cloud Gateway<2.2.10
VMware Spring Cloud Gateway>=3.0.0<3.0.5
CVE-2021-37136
### Impact The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users o...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec<4.1.68.Final
Netty Netty<4.1.68
Quarkus Quarkus<2.2.4
Oracle Banking Apis>=18.1<=18.3
and 44 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203