VYPR

Spring Cloud Config

by Spring Projects

CVEs (3)

  • CVE-2019-3799 (May 6, 2019)
    risk 0.10 | cvss | epss 0.85

    Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or…

  • CVE-2026-22739 (Mar 24, 2026)
    risk 0.00 | cvss | epss 0.01

    Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories. This issue affects…

  • CVE-2024-22236 (Jan 31, 2024)
    risk 0.00 | cvss | epss 0.00

    In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded…