CVE-2021-22044

HIGH

Vmware Spring Cloud Openfeign < 2.2.9 - Information Disclosure

Title source: rule

Description

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.

References (1)

[Vendor Advisory] https://tanzu.vmware.com/security/cve-2021-22044

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200 CWE-668

Status published

Affected Products (2)

vmware/spring_cloud_openfeign < 2.2.9

org.springframework.cloud/spring-cloud-openfeign-core < 3.0.5Maven

Timeline

Published Oct 28, 2021

Tracked Since Feb 18, 2026