VYPR

Bitnami package

spring-cloud-dataflow

pkg:bitnami/spring-cloud-dataflow

Vulnerabilities (2)

  • CVE-2024-37084Jul 25, 2024
    affected >= 2.11.0, < 2.11.4fixed 2.11.4

    In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

  • CVE-2020-5427Jan 27, 2021
    affected >= 2.5.0, < 2.5.4fixed 2.5.4

    In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.