Moderate severityNVD Advisory· Published Feb 23, 2021· Updated Aug 3, 2024
CVE-2021-22113
CVE-2021-22113
Description
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework.cloud:spring-cloud-netflix-zuulMaven | < 2.2.7 | 2.2.7 |
Affected products
2- Spring/Spring Cloud Netflix Zuuldescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-vwpg-f6gw-rjvfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-22113ghsaADVISORY
- github.com/spring-cloud/spring-cloud-netflix/commit/8ecb3dca511c3ce0454e42ac31ee2331d7318c07ghsaWEB
- tanzu.vmware.com/security/cve-2021-22113ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.