CVE-2020-5427

Summary

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

Affected Software

VendorProductVersion RangeStatus
Spring by VMwareSpring Cloud Data Flow2.6 < 2.6.5affected
Spring by VMwareSpring Cloud Data Flow2.5 < 2.5.4affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

References