CVE-2020-5427

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-5427

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5427.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-5427

Aliases

BIT-spring-cloud-dataflow-2020-5427

Published

2021-01-27T18:15:13.043Z

Modified

2026-03-14T01:39:25.461734Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

References

https://tanzu.vmware.com/security/cve-2020-5427

Affected packages

Git / github.com/spring-cloud/spring-cloud-dataflow

Affected ranges

Type

GIT

Repo

https://github.com/spring-cloud/spring-cloud-dataflow

Events

Introduced

1a552fe6711dada5a4536c2fb383f0d44945756c

Fixed

7b8b94ae5f7d08b8bb1a868e8c65da01f2bc1520

Introduced

2aba9ed403f5c4793b718bdd4352a48a4a0195be

Fixed

28f287093ec64011ab9de6e81f408b3fd6b33f97

Database specific

{
    "versions": [
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.4"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.6.5"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5427.json"