1 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. En Spring Cloud OpenFeign versiones 3.0.0 a 3.0.4, 2.2.0.RELEASE a 2.2.9.RELEASE, y versiones anteriores no soportadas, las aplicaciones que usan anotaciones de "@RequestMapping" a nivel de tipo sobre las interfaces de cliente de Feign, pueden estar exponiendo involuntariamente los endpoints correspondientes a métodos de interfaz anotados por "@RequestMapping" • https://tanzu.vmware.com/security/cve-2021-22044 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •