CVE-2023-34036

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 17, 2023

CWE ID 116

CWE ID 644

Summary

CVE-2023-34036: Reactive web applications utilizing Spring HATEOAS for creating hypermedia links in responses may be susceptible to malicious forwarded headers, leading to potential security breaches. This vulnerability arises when applications lack proper protection behind a trusted proxy or fail to handle forwarded headers within WebFlux or at the HTTP server level. Applications must use Spring WebFlux and Spring HATEOAS, and have insufficient measures to guard against unfiltered (X-)Forwarded headers to be affected.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vmware Spring Hateoas

Affected Vendors

VMware Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r_XmNj
https://www.cve.org/CVERecord?id=CVE-2023-34036
https://nvd.nist.gov/vuln/detail/CVE-2023-34036

Back to Vulnerability Database