CVE-2020-5428 – org.springframework.cloud:spring-cloud-task-dependencies
Package
Manager: maven
Name: org.springframework.cloud:spring-cloud-task-dependencies
Vulnerable Version: >=0 <2.2.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00277 (percentile: 0.5071)
Details
SQL Injection in Spring Cloud Task
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
Metadata
Created: 2022-02-09T22:16:53Z
Modified: 2021-04-05T23:12:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-878w-7gxp-mc63/GHSA-878w-7gxp-mc63.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-878w-7gxp-mc63
Finding: F106
Auto approve: 1