Description

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

Remediation

References

https://tanzu.vmware.com/security/cve-2020-5428

Related Vulnerabilities

CVE-2020-15170 Vulnerability in maven package com.ctrip.framework.apollo:apollo-adminservice

CVE-2020-8913 Vulnerability in maven package com.google.android.play:core

CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-jdk14

CVE-2023-37964 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox

CVE-2017-16105 Vulnerability in npm package serverwzl

Severity

High

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Tags

Third Party Advisory