Unintended Proxy or Intermediary Affecting org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard package, versions [,2.1.6.RELEASE) [2.2.0.RELEASE,2.2.4.RELEASE)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGSPRINGFRAMEWORKCLOUD-597397
- published 5 Aug 2020
- disclosed 5 Aug 2020
- credit Vern
Introduced: 5 Aug 2020
CVE-2020-5412 Open this link in a new tabHow to fix?
Upgrade org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard to version 2.1.6.RELEASE, 2.2.4.RELEASE or higher.
Overview
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard is a fault tolerance library.
Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. It allows applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.