Code Injection in Spring Cloud: CVE-2024-37084


The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability.

CVE-2024-37084 is a critical vulnerability affecting Spring Cloud Data Flow versions 2.11.0 through 2.11.3. A malicious user with access to the Skipper server API can exploit a flaw in the upload request process, allowing them to write arbitrary files to any location on the server’s file system, potentially compromising the server. This vulnerability is assigned a CVSS score of 9.8 by VMware, indicating its critical nature.

Read more…
Source: Sonicwall 


Sign up for our Newsletter


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...