A vulnerability has been discovered in Spring Cloud Config that allows an attacker to perform server-side request forgery (SSRF).

| Vendor | Product | Versions |
|---|---|---|
| Spring | Spring Cloud Config | 3.1.3, 4.2.6, 4.3.2, 3.1.13, 4.1.9, 5.0.2 |

- Updated affected versions and added new CWE and CVE information.
- Updated affected versions, added new CWE, and included new tags related to Spring Security Advisory.
- Updated affected versions to include 3.1.13 and 4.1.9, and confirmed that the available patch is 5.0.2.
- Updated description with new technical details and added affected version 4.2.6.
- Updated affected versions to include 4.3.2 and marked exploit availability and active exploitation as true.
- Updated vendor to Spring, product to Spring Cloud Config, added affected versions 3.1.3 and 4.2.6, and marked exploit availability and active exploitation as true.
- Initial creation