Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

org.springframework.cloud:spring-cloud-gateway-server 2.2.10.RELEASE

Back to all
Package Version

org.springframework.cloud:spring-cloud-gateway-server 2.2.10.RELEASE

Github Repository

Package Version Scores

Overall
0
/10
Security
8
Activity
6
Popularity
8
Quality
5
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
671c0733e67ac541bb90779c
CVEs Fixed
C
2
H
2
+1343
-28

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
CVE-2025-41235
High
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
CVE-2025-41253
High
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
CVE-2022-22947
Critical
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
CVE-2025-41243
Critical

Get Your First 3 Patches Free

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
May 3, 2026
LINES OF CODE CHANGED
+1343
-28
-
on latest patch
License
Patch Available

Get Your First 3 Patches Free

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "First Major Version Milestone Achieved",
"description": "The package has reached version 1.0.0, this is a sign of maturity",
"category": "code quality",
"type": "upscore"
},
{
"title": "Older Versions are Maintained",
"description": "The package keeps creating updates to earlier version trains, this is a sign of a commitment to maintaining and supporting the users of the project",
"category": "activity",
"type": "upscore"
},
{
"title": "Frequent Versions",
"description": "The package has frequent version creation, this is a sign of a commitment to maintaining and supporting the codebase",
"category": "activity",
"type": "upscore"
},
{
"title": "Organization Repository",
"description": "When a repository belongs to an organization there is a lower risk of it getting abandoned in the future",
"category": "activity",
"type": "upscore"
},
{
"title": "No Known Vulnerabilities for this Version",
"description": "No vulnerabilities discovered in this version of the repository indicates that this is a version that is safe to use. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "upscore"
},
{
"title": "Has Stars",
"description": "Having some stars indicates interest in the project. ",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Forks",
"description": "Many forks show an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Subscribers",
"description": "A very large number of subscribers indicates an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Repository has Topics",
"description": "Configuring topics is an indication that the repository is well maintained",
"category": "activity",
"type": "upscore"
},
{
"title": "No Source Code License",
"description": "Having license information in the source code makes it easier to validate the license status of the package",
"category": "code quality",
"type": "downscore"
}
]
}