CVE-2024-37084
CVSS v3.1
8.8 (High)
EPSS
0.05 % (20th)
Affected Products
1
Advisories
1
NVD Status
Analyzed
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
Weaknesses
- CWE-94
- Improper Control of Generation of Code ('Code Injection')
- CWE-NVD-noinfo
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- VMware
- Published Date
-
2024-07-25 10:15:07
(7 weeks ago) - Updated Date
-
2024-08-26 16:11:27
(3 weeks ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...