GHSA-p528-3mvf-gr87

GitHub Security Advisory

Remote code execution in Spring Cloud Data Flow

✓ GitHub Reviewed CRITICAL Has CVE

Advisory Details

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromise of the server.

Affected Packages

Maven org.springframework.cloud:spring-cloud-skipper
Affected versions: 0 (fixed in 2.11.4)

Key Information

GHSA ID: GHSA-p528-3mvf-gr87
Published: July 25, 2024 12:32 PM
Last Modified: August 2, 2024 3:57 PM
CVSS Score: 9.0/10
Primary Ecosystem: Maven
Primary Package: org.springframework.cloud:spring-cloud-skipper
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 29, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.