VYPR

Maven package

org.springframework.cloud/spring-cloud-gateway

pkg:maven/org.springframework.cloud/spring-cloud-gateway

Vulnerabilities (3)

  • CVE-2026-22750HigApr 10, 2026
    affected >= 4.2.0, < 4.2.1fixed 4.2.1

    When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using S

  • CVE-2022-22947KEVMar 3, 2022
    affected < 3.0.7fixed 3.0.7

    In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote

  • CVE-2021-22051Nov 8, 2021
    affected >= 3.0.0, < 3.0.5fixed 3.0.5

    Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2