CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...

Use Of A Hard-Coded Cryptographic Key

org.apache.streampark, streampark is vulnerable to Use of a Hard-Coded Cryptographic Key. The vulnerability is due to the use of a fixed, immutable encryption key in the application, which allows an attacker to recover the key through code analysis and decrypt sensitive data or forge encrypted...

Apache StreamPark Weak Algorithm Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

Apache StreamPark Security Bypass Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

CVE-2025-54947

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

Use Of Hard-coded Cryptographic Key

Apache StreamPark is vulnerable to use of a hard-coded cryptographic key. The vulnerability is due to Apache StreamPark uses an immutable, embedded key for encryption instead of a securely generated or configurable one, allowing attackers who obtain the key through reverse engineering or source...

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

EUVD-2025-203092

Apache StreamPark: Use the user’s password as the secret key Vulnerability...

GHSA-3HG2-RH4R-8QF6 Apache StreamPark: Use the user’s password as the secret key Vulnerability

When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leadi...

Apache StreamPark: Use the user’s password as the secret key Vulnerability

When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leadi...

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

GHSA-749J-2HP6-8CXM Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

EUVD-2025-203081

Apache StreamPark uses a Weak Encryption Algorithm...

EUVD-2025-203084

Apache StreamPark has a hard-coded encryption key...

Apache StreamPark has a hard-coded encryption key

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

GHSA-PRV5-C2PX-J9Q3 Apache StreamPark has a hard-coded encryption key

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

CVE-2025-54947

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...