Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromises the server.
No PoCs from references.
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/crisprss/CVEs
- https://github.com/ismailmazumder/SL7CVELabsBuilder
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/securelayer7/CVE-2024-22263_Scanner
- https://github.com/securelayer7/Research
- https://github.com/tanjiti/sec_profile
- https://github.com/tylzars/awesome-vrre-writeups