3 matches found
CVE-2024-29737
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
PT-2024-5250 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions prior to 2.1.4 Description: The issue is related to incorrect handling of the character in the Project Module of Apache StreamPark, allowing remote attackers to execute arbitrary commands. The vulnerability can be...