Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
CVE-2020-5428

5.1MEDIUM

Key Information:

Vendor: Spring By Vmware
Status: Spring Cloud Task
Vendor: CVE Published:; 27 January 2021

What is CVE-2020-5428?

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

Affected Version(s)

Spring Cloud Task 2.2 < 2.2.5

References

https://tanzu.vmware.com/security/cve-2020-5428

x_refsource_CONFIRM

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2021
Vulnerability Reserved
Jan 3, 2020

Spring By Vmware

What is CVE-2020-5428?

Affected Version(s)

References

CVSS V3.1

Timeline