Description
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
Remediation
References
https://tanzu.vmware.com/security/cve-2020-5427
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.fujion.webjars:bootstrap
CVE-2017-4963 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common
CVE-2019-10347 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin
CVE-2020-2289 Vulnerability in maven package org.biouno:uno-choice
CVE-2014-7816 Vulnerability in maven package io.undertow:undertow-core