CVE-2021-22044

Summary

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods.

Affected Software

VendorProductVersion RangeStatus
n/aSpring Cloud OpenFeignSpring Cloud OpenFeign versions 3.0.x prior to 3.0.5+, 2.2.x prior to 2.2.10. RELEASE+ and all older unsupported versions are impacted.affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References