Spring Cloud Data Flow

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:vmware:spring_cloud_data_flow:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorVmware (7bb62c7c-2241-5a0b-8dbc-5f13251fb24e)
ProductSpring Cloud Data Flow (a6dac3bb-6b72-54c2-8d9b-8e9391d49d82)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:bitbucket/esthermateosd/spring-cloud-dataflow purl2cpe 2026-06-01 10:12:22.201036
pkg:bitbucket/esthermd/spring-cloud-dataflow purl2cpe 2026-06-01 10:12:22.201038
pkg:github/spring-cloud/spring-cloud-dataflow purl2cpe 2026-06-01 10:12:22.201039
pkg:maven/org.springframework.cloud/spring-cloud-dataflow-parent purl2cpe 2026-06-01 10:12:22.201041

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-37084 vulnerable 2026-06-03 14:56:05.700381 CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
CRITICAL (9.8)
In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
Published: 2024-07-25T09:17:50.378Z
Updated: 2024-08-02T03:43:50.987Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5427 vulnerable 2026-06-03 14:42:56.483022 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
MEDIUM (5.7)
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
Published: 2021-01-27T17:30:16.666Z
Updated: 2024-09-16T19:01:12.488Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.