Vulnerability Description
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Spring Cloud Gateway | < 2.2.10 |
References
- https://tanzu.vmware.com/security/cve-2021-22051 (Vendor Advisory)
FAQ
What is CVE-2021-22051?
CVE-2021-22051 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following m...
How severe is CVE-2021-22051?
CVE-2021-22051 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-22051?
Check the references section above for vendor advisories and patch information. Affected products include: VMware Spring Cloud Gateway.