Spring · Spring Cloud Gateway · CVE-2021-22051
**Name of the Vulnerable Software and Affected Versions**
Spring Cloud Gateway versions 3.0.0 through 3.0.4
Spring Cloud Gateway versions 2.2.0 through 2.2.9
**Description**
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services.
**Recommendations**
For Spring Cloud Gateway version 3.0.x, upgrade to 3.0.5 or newer.
For Spring Cloud Gateway version 2.2.x, upgrade to 2.2.10.RELEASE or newer.