Spring Cloud Config
Approved changes feed: RSS · Atom
cpe:2.3:a:spring_by_vmware:spring_cloud_config:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Spring By Vmware (e0b0b549-71d2-5c8a-be30-1f02c144ba93) |
|---|---|
| Product | Spring Cloud Config (34f88a0c-3a78-5dc7-9c13-c169a3cf230f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-5410 |
vulnerable | 2026-06-08 05:26:42.796156 |
Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Published: 2020-06-02T16:50:12.055Z
Updated: 2025-10-21T23:35:43.023Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5405 |
vulnerable | 2026-06-08 05:26:42.786513 |
Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
Published: 2020-03-05T19:00:19.429Z
Updated: 2024-09-16T22:36:28.048Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.