Spring Product Security Update Advisory (CVE-2024-37084)

Jul 26 2024

Overview

Spring has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-37084

Spring Cloud Skipper versions: 2.11.0 (inclusive) ~ 2.11.3 (inclusive)

Resolved Vulnerabilities

A malicious user with access to the Skipper server API could write arbitrary files to all locations on the file system using a crafted upload request (CVE-2024-37084)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-37084

Spring Cloud Skipper version: 2.11.4

Referenced Sites

[1] CVE-2024-37084 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-37084

[2] CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

https://spring.io/security/cve-2024-37084

Spring Product Security Update Advisory (CVE-2024-37084)

BIND Product Security Update Advisory

Telerik Report Server Product Security Update Advisory (CVE-2024-6327)

Tags:

BIND Product Security Update Advisory

Telerik Report Server Product Security Update Advisory (CVE-2024-6327)