CVE-2020-5412
N/A
N/A
Summary
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring by VMware | Spring Cloud Netflix | 2.2 < 2.2.4 | affected |
| Spring by VMware | Spring Cloud Netflix | 2.1 < 2.1.6 | affected |
Weaknesses
- CWE-441: CWE-441: Unintended Proxy or Intermediary
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.