VYPR

Spring Cloud Config

by Spring By VMware

CVEs (3)

  • CVE-2025-22232MedApr 10, 2025
    risk 0.34cvss 5.3epss 0.00

    Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: * You have Spring Vault on the classpath of your Spring Cloud Config Server and…

  • CVE-2020-5410KEVJun 2, 2020
    risk 0.23cvss epss 0.96

    Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a…

  • CVE-2020-5405Mar 5, 2020
    risk 0.07cvss epss 0.69

    Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a…