Hans Hosea Schaefer

Researcher from ing.de
#47621 of 53,635
5.3 Total CVSS
Vulnerabilities · 1
PT-2023-24650
5.3
2023-07-17
Spring · Spring Hateoas · CVE-2023-34036
**Name of the Vulnerable Software and Affected Versions**

Spring HATEOAS (affected versions not specified)

**Description**

Reactive web applications using Spring HATEOAS to produce hypermedia-based responses may be exposed to malicious forwarded headers if not behind a trusted proxy or without measures to handle such headers in WebFlux or the underlying HTTP server. The application is affected if it uses the reactive web stack with Spring HATEOAS and does not guard against clients submitting (X-)Forwarded headers.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.