Lucene search
ApacheCVELIST:CVE-2022-45801HistoryMay 01, 2023 - 2:50 p.m.
CVE-2022-45801 Apache StreamPark (incubating): LDAP Injection Vulnerability
2023-05-0114:50:11
CWE-74
apache
www.cve.org
apache streampark
ldap injection
web applications
sanitize user input
sql injection
unauthorized queries
content modification
upgrade
Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.
LDAP Injection is an attack used to exploit web based applications
that construct LDAP statements based on user input. When an
application fails to properly sanitize user input, it’s possible to
modify LDAP statements through techniques similar to SQL Injection.
LDAP injection attacks could result in the granting of permissions to
unauthorized queries, and content modification inside the LDAP tree.
This risk may only occur when the user logs in with ldap, and the user
name and password login will not be affected, Users of the affected
versions should upgrade to Apache StreamPark 2.0.0 or later.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache StreamPark (incubating)",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-45801
2023-05-01 15:15:08
prion
prion
Sql injection
2023-05-01 15:15:00
osv
osv
Apache StreamPark LDAP Injection vulnerability
2023-05-01 15:30:26
nvd
nvd
CVE-2022-45801
2023-05-01 15:15:08
github
github
Apache StreamPark LDAP Injection vulnerability
2023-05-01 15:30:26