Spring Cloud: Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config…
Summary
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from 3.1.X before 3.1.13, from 4.1.X before 4.1.9, from 4.2.X before 4.2.3, from 4.3.X before 4.3.2, from 5.0.X before 5.0.2.
- 3.1.X
- 4.1.X
- 4.2.X
- 4.3.X
- 5.0.X
Official advisory · high-confidence parse· fetched 11 hours ago·verify at source
- 3.1.13
- 4.1.9
- 4.2.3
- 4.3.2
- 5.0.2
Official advisory · high-confidence parse· fetched 11 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 11 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.