Bitnami package
spring-cloud-dataflow
pkg:bitnami/spring-cloud-dataflow
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37084 | — | | | >= 2.11.0, < 2.11.4 | 2.11.4 | Jul 25, 2024 | In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server. |
| CVE-2020-5427 | — | | | >= 2.5.0, < 2.5.4 | 2.5.4 | Jan 27, 2021 | In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution. |