Vulnerabilities > Vmware > Spring Cloud Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-04 | CVE-2022-22946 | Improper Certificate Validation vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. | 5.5 |
| 2022-03-03 | CVE-2022-22947 | Expression Language Injection vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | 10.0 |
| 2021-11-08 | CVE-2021-22051 | Incorrect Authorization vulnerability in VMWare Spring Cloud Gateway Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. | 4.0 |