Lucene search
K

5 matches found

OSV
OSV
added 2023/07/06 7:24 p.m.17 views

GHSA-6874-289G-F7H7 Apache StreamPark Path Traversal vulnerability

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type. This means users may upload some high-risk files, and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later...

9.8CVSS9.4AI score0.01308EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.29 views

Apache StreamPark Path Traversal vulnerability

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type. This means users may upload some high-risk files, and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later...

9.8CVSS6.9AI score0.01308EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2023/05/01 3:15 p.m.25 views

CVE-2022-45802

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later...

9.8CVSS9.5AI score0.01308EPSS
Exploits0References1
OSV
OSV
added 2023/05/01 2:4 p.m.13 views

CVE-2022-45802 Apache StreamPark (incubating): Upload any file to any directory

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later...

9.8CVSS7.2AI score0.01308EPSS
Exploits0References3
CVE
CVE
added 2023/05/01 2:4 p.m.60 views

CVE-2022-45802

CVE-2022-45802 (Apache StreamPark) : The vulnerability stems from a lack of mandatory verification of uploaded files when users submit jars as applications, which can permit uploading high-risk files and potentially placing them in arbitrary directories. This aligns with reported path traversal c...

9.8CVSS9.5AI score0.01308EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder