CVE-2024-37084
published 2024-07-25
Priority P2 74 | high | 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 35.21% (98.2th percentile)
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spring | spring_cloud_data_flow | >= 2.11.x < 2.11.4 | 2.11.4 |
| vmware | spring_cloud_data_flow | >= 2.11.0 < 2.11.4 | 2.11.4 |
GHSA
Remote code execution in Spring Cloud Data Flow
ghsa·2024-07-25
CVE-2024-37084 [CRITICAL] CWE-22 Remote code execution in Spring Cloud Data Flow
OSV
Remote code execution in Spring Cloud Data Flow
osv·2024-07-25
CVE-2024-37084 [CRITICAL] Remote code execution in Spring Cloud Data Flow
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-25
Published