CVE-2024-22263— Arbitrary File Write Vulnerability in Spring Cloud Data Flow

CVSS 8.8 · High EPSS 77.75% · P99 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-22263

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Source: NVD (National Vulnerability Database)

Vulnerability Description

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromises the server.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

VMware Spring Cloud Data Flow 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

VMware Spring Cloud Data Flow是美国威睿（VMware）公司的一款用于微服务中流式处理和批处理数据的代码库。 VMware Spring Cloud Data Flow存在安全漏洞，该漏洞源于。上传路径的清理不当，攻击者可以使用精心设计的上传请求将任意文件写入文件系统上的任何位置，甚至可能破坏服务器。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Spring by VMware Tanzu	Spring Cloud Skipper	2.11.0 - 2.11.2, 2.10.x	-

II. Public POCs for CVE-2024-22263

#	POC Description	Source Link	Shenlong Link
1	(CVE-2024-22263) Spring Cloud Dataflow Arbitrary File Writing Scanner	https://github.com/securelayer7/CVE-2024-22263_Scanner	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-22263

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: Spring by VMware Tanzu

V. Comments for CVE-2024-22263

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-22263— Arbitrary File Write Vulnerability in Spring Cloud Data Flow

I. Basic Information for CVE-2024-22263

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2024-22263

III. Intelligence Information for CVE-2024-22263

IV. Related Vulnerabilities

V. Comments for CVE-2024-22263

Leave a comment