6 matches found
CVE-2025-30001 Apache StreamPark: Authenticated users can trigger remote command execution
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue...
PT-2025-38130
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 2.1.4 through 2.1.5 Description: An issue exists in Apache StreamPark that allows authenticated users to trigger remote command execution. Recommendations: Upgrade to version 2.1.6 to resolve the issue...
CVE-2024-48988
SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package SpringBoot platform and does not involve Maven...
CVE-2024-48988
CVE-2024-48988 (Apache StreamPark): SQL injection vulnerability affecting StreamPark 2.1.4 through 2.1.5 (and 2.1.6 pre-release window) in the SpringBoot distribution package. Root cause: lack of validation of externally supplied SQL statements, enabling manipulation after user login. Impact: cou...
PT-2025-34477 · Apache · Apache StreamPark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 2.1.4 through 2.1.5 Description: A SQL Injection vulnerability exists in Apache StreamPark. This issue is present only in the distribution package SpringBoot platform and does not involve Maven artifacts. Exploitati...
GHSA-WJP3-4XCQ-598P Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...