Spring Product Security Update Advisory (CVE-2024-22263)

Jul 03 2024

Overview

An update has been made available to address a vulnerability in the Spring suite. users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-22263

Spring Cloud Skipper versions: 2.11.0 (inclusive) ~ 2.11.2 (inclusive)
Spring Cloud Skipper versions: 2.10.x

Resolved Vulnerabilities

Vulnerability in the Spring Cloud Skipper product that allows arbitrary files to be written to anywhere on the file system via a crafted upload request (CVE-2024-22263)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-22263

Spring cloud Skipper version: 2.11.3

Referenced Sites

[1] CVE-2024-22263 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-22263

[2] CVE-2024-22263: Arbitrary File Write Vulnerability in Spring Cloud Data Flow

https://spring.io/security/cve-2024-22263

Spring Product Security Update Advisory (CVE-2024-22263)

Cisco Family Security Update Advisory (CVE-2024-20399)

Apache Tomcat Denial of Service Attack Vulnerability Security Update Advisory (CVE-2024-34750)

Tags:

Cisco Family Security Update Advisory (CVE-2024-20399)

Apache Tomcat Denial of Service Attack Vulnerability Security Update Advisory (CVE-2024-34750)