CVE-2021-22051

MEDIUM

Spring Cloud Gateway < 2.2.10 and 3.0.0-3.0.5 - Incorrect Authorization

Title source: llm

Description

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://tanzu.vmware.com/security/cve-2021-22051

Scores

CVSS v3 6.5
EPSS 0.0014
EPSS Percentile 32.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-863
Status published
Products (2)
org.springframework.cloud/spring-cloud-gateway 3.0.0 - 3.0.5 (Maven)
vmware/spring_cloud_gateway < 2.2.10
Published Nov 08, 2021
Tracked Since Feb 18, 2026