VYPR

Maven package

org.springframework.cloud/spring-cloud-skipper

pkg:maven/org.springframework.cloud/spring-cloud-skipper

Vulnerabilities (1)

  • CVE-2024-37084Jul 25, 2024
    affected < 2.11.4fixed 2.11.4

    In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server