3 matches found
CVE-2023-49898
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...
CVE-2023-49898 Apache StreamPark (incubating): Authenticated system users could trigger remote command execution
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...
CVE-2023-49898
CVE-2023-49898 concerns Apache StreamPark: a project module that integrates Maven compilation lacks validation of Maven parameters, allowing remote command execution. The advisory notes that an attacker must be an authenticated system user with high privileges, limiting exposure, and that the ove...