Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
CVE-2020-5427
5.7 MEDIUM
What is CVE-2020-5427?
In Spring Cloud Data Flow versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
Affected Version(s)
Spring Cloud Data Flow 2.6 < 2.6.5
Spring Cloud Data Flow 2.5 < 2.5.4
CVSS V3.1
Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged