PT-2021-12402 · Spring · Spring Cloud Task
Published: 2021-01-27 · Updated: 2022-02-09 · CVE-2020-5428
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Spring Cloud Task versions 2.2.4.RELEASE and below
Description
The issue affects applications using certain versions of Spring Cloud Task, making them potentially vulnerable to SQL injection attacks when specific lookup queries are performed in the TaskExplorer.
Recommendations
For Spring Cloud Task versions 2.2.4.RELEASE and below, update to a version above 2.2.4.RELEASE to resolve the issue.
As a temporary workaround, consider restricting access to the TaskExplorer to minimize the risk of exploitation.
Fix
SQL injection
Affected Products
Spring Cloud Task