In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
{ "cpes": [ "cpe:2.3:a:vmware:spring_cloud_data_flow:*:*:*:*:*:*:*:*" ], "severity": "High" }