This page lists publicly disclosed CVE vulnerabilities affecting vmware spring_cloud_data_flow (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-37084 | In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server | [email protected] | 9.8 | 35.21% | 2024-07-25 | 2026-06-17 |
| CVE-2020-5427 | In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | [email protected] | 7.2 | 1.06% | 2021-01-27 | 2026-06-16 |