VYPR

Spring Cloud Config

by Spring Cloud

Source repositories

CVEs (2)

  • CVE-2026-41002HigMay 7, 2026
    risk 0.40cvss 7.2epss 0.00

    The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to…

  • CVE-2025-22232MedApr 10, 2025
    risk 0.34cvss 5.3epss 0.00

    Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: * You have Spring Vault on the classpath of your Spring Cloud Config Server and…