What is the severity of CVE-2024-37084?

CVE-2024-37084 is considered a critical vulnerability due to its potential to allow arbitrary file write access on the server.

How do I fix CVE-2024-37084?

To fix CVE-2024-37084, upgrade Spring Cloud Data Flow to version 2.11.4 or later.

Who is affected by CVE-2024-37084?

CVE-2024-37084 affects users of Spring Cloud Data Flow versions prior to 2.11.4.

What is the impact of CVE-2024-37084?

The impact of CVE-2024-37084 is that it could allow an attacker to compromise the server by writing malicious files.

What component of Spring Cloud Data Flow does CVE-2024-37084 affect?

CVE-2024-37084 specifically affects the Skipper server API component of Spring Cloud Data Flow.

Vulnerability/
CVE-2024-37084

critical

9.8

CWE

22 94

25/7/2024

26/8/2024

CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

First published: Thu Jul 25 2024(Updated: )

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

Credit: security@vmware.com security@vmware.com

Affected Software	Affected Version	How to fix
maven/org.springframework.cloud:spring-cloud-skipper	<2.11.4	2.11.4
Vmware Spring Cloud Data Flow	>=2.11.0<2.11.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-37084?
CVE-2024-37084 is considered a critical vulnerability due to its potential to allow arbitrary file write access on the server.
How do I fix CVE-2024-37084?
To fix CVE-2024-37084, upgrade Spring Cloud Data Flow to version 2.11.4 or later.
Who is affected by CVE-2024-37084?
CVE-2024-37084 affects users of Spring Cloud Data Flow versions prior to 2.11.4.
What is the impact of CVE-2024-37084?
The impact of CVE-2024-37084 is that it could allow an attacker to compromise the server by writing malicious files.
What component of Spring Cloud Data Flow does CVE-2024-37084 affect?
CVE-2024-37084 specifically affects the Skipper server API component of Spring Cloud Data Flow.

agent/title
agent/type
agent/first-publish-date
agent/author
agent/references
agent/weakness
collector/mitre-cve
source/MITRE
collector/nvd-cve
source/NVD
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-p528-3mvf-gr87
alias/CVE-2024-37084
agent/software-canonical-lookup
agent/description
collector/github-advisory
collector/nvd-api
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/trending
agent/tags
agent/source
package-manager/maven
vendor/vmware
canonical/vmware spring cloud data flow
version/vmware spring cloud data flow/2.11.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.