The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.
An application should be considered vulnerable when all the following are true:
management.endpoints.web.exposure.include=gateway.
Spring Cloud Gateway:
Users of affected versions should upgrade to the corresponding fixed version.
Affected version(s) | Fix version | Availability |
---|---|---|
4.3.x | 4.3.1 | OSS |
4.2.x | 4.2.5 | OSS |
4.1.x | 4.1.11 | Enterprise |
4.0.x | 4.1.11 | Out of support |
3.1.x | 3.1.11 | Enterprise |
No further mitigation steps are necessary.
If you cannot upgrade, then you can remove gateway from the management.endpoints.web.exposure.include property or secure the actuator endpoints.
This issue was responsibly reported by Ezzer17.
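An added example, not part of the advisory or of Spring's own tooling: a Python check that compares a Spring Cloud Gateway version against the fix versions in the table above and reads an application.properties text for the exposure property. The function names and the sample properties file are constructed for illustration, and the check covers only these two conditions, not whether the actuator endpoints are reachable or secured.

```python
import re

# Affected line -> fix version, copied from the advisory table above.
FIX_VERSIONS = {"4.3": "4.3.1", "4.2": "4.2.5", "4.1": "4.1.11",
                "4.0": "4.1.11", "3.1": "3.1.11"}
PROP = "management.endpoints.web.exposure.include"

# Constructed sample input, not taken from a real application.
SAMPLE = """\
# application.properties
server.port=8080
management.endpoints.web.exposure.include = health, gateway
"""

def _ver(text):
    """'4.2.3-SNAPSHOT' -> (4, 2, 3); missing parts are padded with 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def needs_upgrade(version):
    """Return the fix version if `version` is below it, else None."""
    v = _ver(version)
    fix = FIX_VERSIONS.get("%d.%d" % v[:2])
    return fix if fix and v < _ver(fix) else None

def exposed_endpoints(properties_text):
    """Endpoint ids listed in the include property (last definition wins)."""
    ids = set()
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m and m.group(1) == PROP:
            ids = {p.strip() for p in m.group(2).split(",") if p.strip()}
    return ids

def gateway_exposed(properties_text):
    # "*" exposes every web endpoint in Spring Boot, gateway included.
    return bool(exposed_endpoints(properties_text) & {"gateway", "*"})

def assess(version, properties_text):
    fix = needs_upgrade(version)
    if fix is None:
        return "version not below a listed fix version"
    if gateway_exposed(properties_text):
        return f"exposed: upgrade to {fix}, or remove gateway from {PROP}"
    return f"upgrade to {fix}; gateway not listed in {PROP}"

if __name__ == "__main__":
    print(assess("4.2.3", SAMPLE))
```

The parser reads .properties syntax only; YAML configuration and the matching exclude property are not evaluated.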
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy