Lucene search
K

3 matches found

Veracode
Veracode
added 2024/07/26 5:43 a.m.17 views

Remote Code Execution (RCE)

org.springframework.cloud: spring-cloud-skipper-server is vulnerable to Remote Code Execution RCE. The vulnerability is caused due to improper validation of upload requests, allowing a malicious user with access to the Skipper server API to write an arbitrary file to any location on the file...

9.8CVSS7.6AI score0.35211EPSS
Exploits4References2Affected Software1
vulnersOsv
vulnersOsv
added 2024/07/25 12:32 p.m.8 views

org.springframework.cloud.stream.app:spring-cloud-starter-stream-sink-task-launcher-dataflow (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.springframework.cloud.stream.app:spring-cloud-stream-app-starters-docs (>=Einstein.RELEASE <=Einstein.SR5) +46 more potentially affected by CVE-2024-37084 via org.springframework.cloud:spring-cloud-skipper (>=1.0.0.RELEASE <=2.11.3)

org.springframework.cloud:spring-cloud-skipper MAVEN version =1.0.0.RELEASE, =1.0.0.RELEASE, =Einstein.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =1.1.1.RELEASE, =Clark.SR1, =2.11.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =1.6.0.RELEASE, =2.0.0.RELEASE, =2.11.3 -...

9.8CVSS5.8AI score0.35211EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2024/06/14 12:0 a.m.6 views

The vulnerability of the application programming interface of the Spring Cloud Skipper package management server allows a perpetrator to write any files they desire.

The vulnerability of the Spring Cloud Skipper package manager’s application interface involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to write any files they desire...

6.8CVSS5.5AI score0.17537EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder