org.springframework.cloud:spring-cloud-gateway

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.springframework.cloud:spring-cloud-gatewaypage 1 of 1

CVE-2021-22051MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.2.10.RELEASE0.5
2021-11-08
vulnerable: 2.2.0.RELEASE ... 2.2.9.RELEASE (11 versions)
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade t…
CVE-2022-22947CRITICALCVSS 10.0EG 10.0⚠ KEV✓ Fixed in 3.1.1
2022-03-03
vulnerable: 3.1.0
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted r…
CVE-2026-22750HIGHCVSS 7.5EG 7.5✓ Fixed in 4.2.1
2026-04-10
vulnerable: 4.2.0
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer u…

Check whether org.springframework.cloud:spring-cloud-gateway is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.springframework.cloud:spring-cloud-gateway CVEs against the assets you own.

Start Free Scan →