Description
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
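The following Python check is an added example, not part of the original advisory or of the Spring project's code. It flags a Spring Boot `.properties` file in which the Gateway Actuator endpoint is both enabled and exposed over the web, two of the three conditions named above. It assumes the standard `management.*` property names and plain `.properties` syntax, and the sample configurations are constructed.

```python
import re

# Constructed sample configurations (not taken from any real deployment).
EXPOSED = """\
management.endpoint.gateway.enabled=true
management.endpoints.web.exposure.include=health,gateway
"""
HARDENED = """\
# Gateway actuator endpoint switched off and kept out of the web exposure list
management.endpoint.gateway.enabled=false
management.endpoints.web.exposure.include=health
"""

def parse_properties(text):
    """Parse simple key=value / key: value lines; skip blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def csv_set(value):
    """Split a comma-separated endpoint list into a lower-cased set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def gateway_actuator_exposed(text):
    """True when the gateway endpoint is enabled and exposed over HTTP.

    Whether the endpoint is also *unsecured* depends on the application's
    security configuration and cannot be read from these properties.
    """
    props = parse_properties(text)
    # Endpoints are enabled unless switched off globally or individually.
    default = props.get("management.endpoints.enabled-by-default", "true")
    enabled = props.get("management.endpoint.gateway.enabled", default).lower() == "true"
    # Assumption: with no include list set, the gateway endpoint is not web-exposed.
    include = csv_set(props.get("management.endpoints.web.exposure.include", ""))
    exclude = csv_set(props.get("management.endpoints.web.exposure.exclude", ""))
    exposed = bool(include & {"gateway", "*"}) and not (exclude & {"gateway", "*"})
    return enabled and exposed

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, gateway_actuator_exposed(cfg))
```

A `True` result means the endpoint is reachable over HTTP; whether it is also unsecured has to be confirmed against the application's authentication configuration.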
Remediation
References