BIT-spring-cloud-dataflow-2020-5427

Import Source
https://github.com/bitnami/vulndb/tree/main/data/spring-cloud-dataflow/BIT-spring-cloud-dataflow-2020-5427.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-spring-cloud-dataflow-2020-5427
Aliases
Published
2024-03-06T11:05:17.085Z
Modified
2025-05-20T10:02:07.006Z
Summary
Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
Details

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

Database specific
{
    "cpes": [
        "cpe:2.3:a:vmware:spring_cloud_data_flow:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / spring-cloud-dataflow

Package

Name
spring-cloud-dataflow
Purl
pkg:bitnami/spring-cloud-dataflow

Severity

  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
2.5.0
Fixed
2.5.4
Introduced
2.6.0
Fixed
2.6.5