High severity vulnerability was found in maven org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (maven) .

Applications using the spring-cloud-netflix-hystrix-dashboard expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;[user-provided data], the path elements following hystrix/monitor are being evaluated as SpringEL expressions, which can lead to code execution.

References


Courtesy:https://github.com/advisories/GHSA-gx3f-hq7p-8fxv

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *