
Remote Code Execution vulnerability in Spring Cloud Data Flow (CVE-2024-37084)

Advisory No: TZCERT/SA/2024/07/26-6

Date of First Release: 26th July 2024

Source: Spring

Software Affected: Spring Cloud Data Flow

Overview:

Spring Cloud Data Flow is affected by a remote code execution vulnerability. Attackers can leverage the vulnerability to compromise the server.

Description:

Spring Cloud Data Flow, a microservices-based streaming platform for Cloud Foundry and Kubernetes, is affected by a vulnerability tracked as CVE-2024-37084. The vulnerability results from improper sanitization of the upload path: a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system. Attackers can exploit the vulnerability to compromise the server by executing arbitrary code remotely.
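
As an added illustration of the weakness class described above (not code from Spring Cloud Data Flow, Skipper or the vendor advisory), the Java example below contrasts an upload path built directly from request values with one that is allow-listed, normalized and checked for containment in the upload directory. The class and method names, the `name`/`version` parameters and the `name-version.zip` file layout are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration: all names and the "name-version.zip" layout are
// hypothetical, not taken from Spring Cloud Data Flow or Skipper.
public class UploadPathCheck {

    // Weak pattern: request-supplied values are joined onto the base
    // directory as-is, so "../" segments can leave that directory.
    static Path resolveUnchecked(Path baseDir, String name, String version) {
        return baseDir.resolve(name + "-" + version + ".zip");
    }

    // Hardened pattern: allow-list the characters, then normalize the
    // result and confirm it is still inside the base directory.
    static Path resolveChecked(Path baseDir, String name, String version) throws IOException {
        String allowed = "[A-Za-z0-9][A-Za-z0-9._-]*";
        if (!name.matches(allowed) || !version.matches(allowed)) {
            throw new IOException("illegal characters in upload name or version");
        }
        Path base = baseDir.toRealPath();
        Path target = base.resolve(name + "-" + version + ".zip").normalize();
        if (!target.startsWith(base)) {
            throw new IOException("upload path escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads");
        // Constructed sample inputs: one benign, one with traversal segments.
        String[][] samples = { {"mychart", "1.0.0"}, {"../../outside/file", "1.0.0"} };
        for (String[] s : samples) {
            Path unchecked = resolveUnchecked(base, s[0], s[1]).normalize();
            System.out.println("unchecked -> " + unchecked
                    + " (inside base: " + unchecked.startsWith(base) + ")");
            try {
                System.out.println("checked   -> " + resolveChecked(base, s[0], s[1]));
            } catch (IOException e) {
                System.out.println("checked   -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The containment check is a defence-in-depth pattern for upload handlers in general; for this CVE the remedy remains the vendor patch named under Solution.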

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of the affected system.

Solution:

Spring has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://spring.io/security/cve-2024-37084
  2. https://github.com/advisories/GHSA-p528-3mvf-gr87
