Description
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user can use this endpoint to send requests to other servers that should not be exposed publicly.
Remediation
References
https://tanzu.vmware.com/security/cve-2020-5412