CVE-2024-37084

🗓️ 25 Jul 2024 09:17:50Reported by vmwareType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 118 Views🌐 WEB

Insecure file upload vulnerability in Spring Cloud Data Flo

Reporter	Title	Published	Views	Family All 16
GithubExploit	Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow	15 Oct 202418:54	–	githubexploit
GithubExploit	Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow	10 Sep 202416:58	–	githubexploit
GithubExploit	Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow	15 Oct 202406:55	–	githubexploit
GithubExploit	Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow	22 Nov 202413:53	–	githubexploit
Circl	CVE-2024-37084	25 Jul 202412:43	–	circl
CNNVD	VMware Spring Cloud Data Flow 安全漏洞	25 Jul 202400:00	–	cnnvd
Cvelist	CVE-2024-37084 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow	25 Jul 202409:17	–	cvelist
Github Security Blog	Remote code execution in Spring Cloud Data Flow	25 Jul 202412:32	–	github
NVD	CVE-2024-37084	25 Jul 202410:15	–	nvd
OSV	BIT-SPRING-CLOUD-DATAFLOW-2024-37084 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow	27 Aug 202412:38	–	osv

NVD

Node

vmware spring_cloud_data_flowRange2.11.0–2.11.4

[
  {
    "defaultStatus": "unaffected",
    "product": "Spring Cloud Data Flow",
    "vendor": "Spring",
    "versions": [
      {
        "lessThan": "2.11.4",
        "status": "affected",
        "version": "2.11.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2024-37084

Parameter	Position	Path	Description	CWE
target_url	request body	api/package/upload	CVE-2024-37084: Upload vulnerability in Spring Cloud Data Flow Skipper API allowing arbitrary file upload leading to remote code execution	CWE-94
version	request body	api/package/upload	CVE-2024-37084: Upload vulnerability in Spring Cloud Data Flow Skipper API allowing arbitrary file upload leading to remote code execution	CWE-94
payload_url	request body	api/package/upload	CVE-2024-37084: Upload vulnerability in Spring Cloud Data Flow Skipper API allowing arbitrary file upload leading to remote code execution	CWE-94

21 Nov 2024 09:23Current

9.5High risk

Vulners AI Score9.5

CVSS 3.18.8 - 9.8

EPSS0.83304

SSVC

CWE-94