CVE-2020-5412
MEDIUM EXPLOITED NUCLEISpring Cloud Netflix <2.2.4-2.1.6 - SSRF
Title source: llmExploitation Summary
CVE-2020-5412 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
Nuclei Templates (1)
Spring Cloud Netflix - Server-Side Request Forgery
MEDIUMby dwisiswant0
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://tanzu.vmware.com/security/cve-2020-5412
Scores
CVSS v3
6.5
EPSS
0.1021
EPSS Percentile
95.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2025-02-25
CWE
CWE-441
CWE-610
Status
published
Products (2)
org.springframework.cloud/spring-cloud-netflix
2.2.0 - 2.2.4Maven
vmware/spring_cloud_netflix
< 2.1.6
Published
Aug 07, 2020
Tracked Since
Feb 18, 2026