187 matches found
CVE-2022-45802
CVE-2022-45802 (Apache StreamPark) : The vulnerability stems from a lack of mandatory verification of uploaded files when users submit jars as applications, which can permit uploading high-risk files and potentially placing them in arbitrary directories. This aligns with reported path traversal c...
PT-2023-14756 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions prior to 2.0.0 Description: The issue allows any user to upload a jar as an application without mandatory verification of the uploaded file type. This enables users to upload high-risk files and potentially upload...
Apache StreamPark 代码问题漏洞
Apache StreamPark is a streaming media application development framework from the Apache Foundation. Apache StreamPark suffers from a code issue vulnerability that stems from allowing any user to upload a jar as an application, but not forcing validation of the uploaded file type, leading to the...
Apache StreamPark 输入验证错误漏洞
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from an input validation error vulnerability that stems from the fact that when a user modifies his or her profile, the username is passed as a paramet...
Apache StreamPark 注入漏洞
Apache StreamPark is a streaming media application development framework from the Apache Foundation. Apache StreamPark suffers from an injection vulnerability that stems from the presence of an LDAP injection vulnerability...
PT-2023-14915 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 1.0.0 through 1.0.0 Description: The issue arises when a user successfully logs in and attempts to modify their profile. The username is passed to the server-layer as a parameter but is not verified to ensure it...
PT-2022-6585 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 1.0.0 through 2.0.0 Description: The issue is related to an LDAP injection vulnerability, which is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an...