CVE-2024-37084 Information

Description

In Spring Cloud Data Flow versions prior to 2.11.4  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

Reference

https://spring.io/security/cve-2024-37084