What is CVE-2021-22053?

CVE-2021-22053 is a vulnerability in Spring Cloud Netflix, classified under Code Injection. Published 2021-11-19.

Is CVE-2021-22053 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Spring Cloud Netflix

CVE-2021-22053

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hy…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.896 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a Spring Cloud Netflix — versions Spring Cloud Netflix versions 2.2.x prior to 2.2.10.Release + and old unsupported versions

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

tanzu.vmware.com/security/cve-2021-22053 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-22053?: CVE-2021-22053 is a vulnerability in Spring Cloud Netflix, classified under Code Injection. Published 2021-11-19.
Is CVE-2021-22053 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.