Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-37084 PoC — CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

Source
https://github.com/Kayiyan/CVE-2024-37084-Poc
Associated Vulnerability
Title:CVE-2024-37084: Remote code execution in Spring Cloud Data Flow (CVE-2024-37084)
Description:In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
Description
Analysis , Demo exploit and poc about CVE-2024-37084
Readme
# CVE-2024-37084-Poc
Setup ,Analysis , Demo exploit and poc about CVE-2024-37084

# How to use : 
```
 py .\CVE-2024-37084-Poc.py -h
usage: python poc_cve_2024_37084.py --target_url <target_url> --version <version> --origin <origin> --payload_url <payload_url> [--listen_ip <listen_ip>] [--listen_port <listen_port>]

PoC for CVE-2024-37084 - Remote Code Execution

optional arguments:
  -h, --help            show this help message and exit
  --target_url TARGET_URL
                        URL of the target server (e.g., http://target_ip:port/api/package/upload)
  --version VERSION     Version of the package (e.g., 4.0.0)
  --origin ORIGIN       Origin name for the package (e.g., thePoc)
  --payload_url PAYLOAD_URL
                        URL to the malicious payload (e.g., http://ip_attacker:port/something)
  --listen_ip LISTEN_IP
                        IP to listen for the reverse shell (default: 0.0.0.0)
  --listen_port LISTEN_PORT
                        Port to listen for the reverse shell (default: 4444)
```
Link setup , analysis and Demo by me [Link](https://kayiyan.gitbook.io/research/cve/cve-2024-37084-spring-cloud-remote-code-execution)

For yaml payload can use : [Link](https://github.com/artsploit/yaml-payload)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →