























When substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, it was possible to access files outside of the configured search directories.
In addition, when using a source control backend, the profile parameter could be substituted into the URL pointing at the source control repository making it possible to perform SSRF attacks.
Spring Cloud Config:
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
|---|---|---|
| 3.1.x | 3.1.13 | Enterprise Support Only |
| 4.1.x | 4.1.9 | Enterprise Support Only |
| 4.2.x | 4.2.6 | Enterprise Support Only |
| 4.3.x | 4.3.2 | OSS |
| 5.0.x | 5.0.2 | OSS |
The issue was identified and responsibly reported by Hyunwoo Kim (@V4bel).
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。