Home > Vulnerability Database > CVE-2021-22113

Mend.io Vulnerability Database

CVE-2021-22113

Good to know:

Date: February 23, 2021

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

Language: Java

Severity Score

5.3

Related Resources (4)

Url: https://tanzu.vmware.com/security/cve-2021-22113

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-22113

Url: https://github.com/spring-cloud/spring-cloud-netflix/commit/8ecb3dca511c3ce0454e42ac31ee2331d7318c07

Url: https://www.mend.io/vulnerability-database/CVE-2021-22113

Severity Score

5.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version org.springframework.cloud:spring-cloud-netflix-zuul:2.2.7.RELEASE

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-22113

Good to know:

Date: February 23, 2021

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?