Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-37084 PoC — CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

Source
https://github.com/Kayiyan/CVE-2024-37084-Poc
Associated Vulnerability
Title:CVE-2024-37084: Remote code execution in Spring Cloud Data Flow (CVE-2024-37084)
Description:In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
Description
Analysis , Demo exploit and poc about CVE-2024-37084
Readme
# CVE-2024-37084-Poc
Setup ,Analysis , Demo exploit and poc about CVE-2024-37084

# How to use : 
```
 py .\CVE-2024-37084-Poc.py -h
usage: python poc_cve_2024_37084.py --target_url <target_url> --version <version> --origin <origin> --payload_url <payload_url> [--listen_ip <listen_ip>] [--listen_port <listen_port>]

PoC for CVE-2024-37084 - Remote Code Execution

optional arguments:
  -h, --help            show this help message and exit
  --target_url TARGET_URL
                        URL of the target server (e.g., http://target_ip:port/api/package/upload)
  --version VERSION     Version of the package (e.g., 4.0.0)
  --origin ORIGIN       Origin name for the package (e.g., thePoc)
  --payload_url PAYLOAD_URL
                        URL to the malicious payload (e.g., http://ip_attacker:port/something)
  --listen_ip LISTEN_IP
                        IP to listen for the reverse shell (default: 0.0.0.0)
  --listen_port LISTEN_PORT
                        Port to listen for the reverse shell (default: 4444)
```
Link setup , analysis and Demo by me [Link](https://kayiyan.gitbook.io/research/cve/cve-2024-37084-spring-cloud-remote-code-execution)

For yaml payload can use : [Link](https://github.com/artsploit/yaml-payload)
File Snapshot

 [4.0K]  /data/pocs/7856f7fd295bc1bdb2bba4461fb1c91b9f2176c2
├── [3.7K]  CVE-2024-37084-Poc.py
├── [1.2K]  README.md
└── [ 15M]  spring-cloud-dataflow-2.11.0.zip

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →