Security Advisory

CVE-2021-22113

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-23 16:04:45

Last updated 2024-08-03 18:30:23

Assigner vmware

State PUBLISHED

Description

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Securitys StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

← Browse all CVEs View on cve.org ↗