Description
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
Remediation
References
https://tanzu.vmware.com/security/cve-2020-5427
Related Vulnerabilities
CVE-2015-7501 Vulnerability in maven package commons-collections:commons-collections
CVE-2019-10369 Vulnerability in maven package org.jenkins-ci.plugins:jclouds-jenkins
CVE-2020-26870 Vulnerability in npm package dompurify
CVE-2018-10237 Vulnerability in maven package com.google.guava:guava
CVE-2014-8115 Vulnerability in maven package org.kie:kie-drools-wb-distribution-wars