Skip to main content

Spring Cloud Data Flow

1 CVEs product

Monthly

CVE-2024-37084 Maven HIGH PATCH This Week

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Spring Cloud Data Flow
NVD
CVSS 3.1
8.8
EPSS
35.2%
EPSS 35% CVSS 8.8
HIGH PATCH This Week

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy