CVE-2021-22053 – Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter- …

19 November 2021

Vuln ID: CVE-2021-22053

Published: 2021-11-19 16:15:07Z

Description: Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.

Source: NVD.NIST.GOV

Date:

19 November 2021

Categories:

NVD

Tags:

NVD

Put guardrails around AI use to protect your org, but be open to changes4 December 2023
2023 Gartner® Market Guide for Security, Orchestration, Automation and Response Solutions4 December 2023
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware4 December 2023
The AI readiness race and where global companies stand4 December 2023
2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations4 December 2023