CVE-2022-22946
Published: Mar 4, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This allows the gateway to connect to remote services with invalid or custom certificates.
| Vendor | Product | Versions |
|---|---|---|
| n/a | Spring Cloud Gateway | affected Spring Cloud Gateway versions 3.1.x prior to 3.1.1+ |
References
https://tanzu.vmware.com/security/cve-2022-22946
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC