Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.5 views

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

5.9CVSS6.8AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 3:10 p.m.5 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS6AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 2:11 a.m.8 views

CVE-2023-30867

In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters,...

4.9CVSS7.4AI score0.00852EPSS
Exploits0References1
Snyk
Snyk
added 2024/07/18 12:30 p.m.1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the template processing mechanism. An attacker can execute arbitrary code on the server by injecting malicious templates after successfully logging into the system. Remediation Upgrade...

8.8CVSS8.2AI score0.01239EPSS
Exploits0References2
Rows per page
Query Builder