Description
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Remediation
References
Related Vulnerabilities
WordPress Plugin Admin Custom Login Cross-Site Scripting (2.5.3.1)
WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Request Forgery (2.4.1)
WordPress Plugin Error Log Monitor Security Bypass (1.6.4)
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.1.11)