VYPR

Spring Cloud Gateway

by Spring Cloud

CVEs (4)

  • CVE-2025-41235 | High | May 30, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.

  • CVE-2025-41253 | High | Oct 16, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using…

  • CVE-2022-22947 | KEV | Mar 3, 2022
    risk 0.23 | cvss | epss 0.98

    In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote…

  • CVE-2022-22946 | Mar 4, 2022
    risk 0.00 | cvss | epss 0.05

    In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or…