BIT-spring-cloud-dataflow-2020-5427

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/spring-cloud-dataflow/BIT-spring-cloud-dataflow-2020-5427.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-spring-cloud-dataflow-2020-5427

Aliases

CVE-2020-5427

Published

2024-03-06T11:05:17.085Z

Modified

2025-05-20T10:02:07.006Z

Summary

Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query

Details

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

Database specific

{
    "cpes": [
        "cpe:2.3:a:vmware:spring_cloud_data_flow:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / spring-cloud-dataflow

Package

Name: spring-cloud-dataflow
Purl: pkg:bitnami/spring-cloud-dataflow

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.5.0

Fixed

2.5.4

Introduced

2.6.0

Fixed

2.6.5