WEB Spring Cloud Netflix Hystrix Dashboard Template Remote Code Execution (CVE-2021-22053)
Rule ID
1232036
Severity
High
Description
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made to `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are evaluated as SpringEL expressions, which can lead to code execution.
Impact
Remote code execution
Recommendation
Apply the vendor's patch.
IPS Category
Buffer Overflow
IPS Anomaly Group
N/A
IPS Rule Default Action
Deny
Reference
Keyword
N/A
Created At
2022/12/29
Updated At
2022/12/29