Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * Spring Boot actuator is a dependency. * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.springframework.cloud:spring-cloud-gateway-server-webflux(Maven) | 3.1.0 | N/A | N/A |
| org.springframework.cloud:spring-cloud-gateway-server-webflux(Maven) | 4.0.0 | N/A | N/A |
| org.springframework.cloud:spring-cloud-gateway-server-webflux(Maven) | 4.2.0 | 4.2.5 | N/A |
| org.springframework.cloud:spring-cloud-gateway-server-webflux(Maven) | 4.3.0 | 4.3.1 | N/A |
CVSS Metrics
