Description
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
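The check below is an added example, not part of the original advisory or of Spring's own tooling: it audits an application.properties file for two of the three conditions named above (endpoint enabled, endpoint exposed over HTTP). The property names are taken from the Spring Boot and Spring Cloud Gateway documentation, the default web exposure of "health" is an assumption, and both sample files are constructed.

```python
# Added example, not from the advisory. Audits Spring Boot properties for the
# "enabled" and "exposed" conditions of the gateway actuator endpoint.

def parse_properties(text):
    """Parse simple key=value / key:value lines (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        if cuts:
            props[line[:min(cuts)].strip()] = line[min(cuts) + 1:].strip()
    return props

def endpoint_ids(value):
    """Split a comma-separated endpoint list into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def audit_gateway_actuator(text):
    """Report whether the gateway actuator endpoint is enabled and web-exposed."""
    p = parse_properties(text)
    by_default = p.get("management.endpoints.enabled-by-default", "true")
    enabled = p.get("management.endpoint.gateway.enabled", by_default).lower() == "true"
    # Assumption: with no include list, only "health" is exposed over HTTP.
    include = endpoint_ids(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = endpoint_ids(p.get("management.endpoints.web.exposure.exclude", ""))
    # An exclude entry always wins over an include entry.
    exposed = bool({"*", "gateway"} & include) and not ({"*", "gateway"} & exclude)
    # "Unsecured" depends on the application's security configuration and
    # cannot be read from these properties, so the result only flags review.
    return {"enabled": enabled, "exposed": exposed, "needs_review": enabled and exposed}

WEAK = """\
# constructed sample: endpoint enabled and exposed over HTTP
management.endpoint.gateway.enabled=true
management.endpoints.web.exposure.include=health,gateway
"""
HARDENED = """\
# constructed sample: endpoint disabled and not exposed
management.endpoint.gateway.enabled=false
management.endpoints.web.exposure.include=health,info
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_gateway_actuator(sample))
```

A needs_review result means the endpoint is reachable over HTTP by configuration; whether it is also unsecured has to be confirmed against the application's access controls.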
Remediation
References