Количество 3
Количество 3
CVE-2022-22946
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
GHSA-28g5-j6gh-p2vw
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
BDU:2022-02183
Уязвимость реализации технологии проверки учетных данных аутентификации TrustManager библиотеки для создания API-шлюзов Spring Cloud Gateway, позволяющая нарушителю подключаться к удаленным службам
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-22946 In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. | CVSS3: 5.5 | 1% Низкий | почти 4 года назад |
| GHSA-28g5-j6gh-p2vw In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. | CVSS3: 5.5 | 1% Низкий | почти 4 года назад |
 | BDU:2022-02183 Уязвимость реализации технологии проверки учетных данных аутентификации TrustManager библиотеки для создания API-шлюзов Spring Cloud Gateway, позволяющая нарушителю подключаться к удаленным службам | CVSS3: 5.3 | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу