CVE-2020-5428: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

February 9, 2022

In applications using Spring Cloud Task RELEASE, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

References

github.com/advisories/GHSA-878w-7gxp-mc63
nvd.nist.gov/vuln/detail/CVE-2020-5428
tanzu.vmware.com/security/cve-2020-5428

Code Behaviors & Features

Detect and mitigate CVE-2020-5428 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →