
19 matches found

Veracode
added 2026/01/06 8:18 a.m., 5 views

Use Of A Hard-Coded Cryptographic Key

org.apache.streampark, streampark is vulnerable to Use of a Hard-Coded Cryptographic Key. The vulnerability is due to the use of a fixed, immutable encryption key in the application, which allows an attacker to recover the key through code analysis and decrypt sensitive data or forge encrypted...

CVSS 9.8 | AI score 6.7 | EPSS 0.00448
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2025/12/25 12:00 a.m., 1 view

Apache StreamPark Weak Algorithm Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. Apache StreamPark has a weak algorithm vulnerability that stems from the use of weak encryption algorithms, which an attacker can exploit to expose sensitive...

CVSS 7.5 | AI score 7.1 | EPSS 0.00216
Exploits: 0 | References: 1

Veracode
added 2025/12/13 4:33 a.m., 4 views

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

CVSS 7.5 | AI score 6.6 | EPSS 0.00216
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2025/12/12 3:30 p.m., 9 views

Apache StreamPark has a hard-coded encryption key

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

CVSS 9.8 | AI score 6.6 | EPSS 0.00448
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/12/12 3:15 p.m., 3 views

CVE-2025-54947

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

CVSS 9.8 | AI score 6.3
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/12 12:00 a.m., 4 views

PT-2025-50940

Weak Encryption Algorithm in StreamPark. The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

AI score 7.1 | EPSS 0.00216
Exploits: 0 | References: 2

Veracode
added 2025/10/23 11:36 a.m., 5 views

Incorrect Execution-Assigned Permissions

org.apache.streampark:streampark is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to improper handling of execution-assigned permissions, which allows an attacker to gain unauthorized access or execute actions with elevated privileges...

CVSS 7.3 | AI score 7.3 | EPSS 0.00506
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m., 8 views

EUVD-2023-2094

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.1 | EPSS 0.01475
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-26732

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 5 | EPSS 0.01054
Exploits: 0 | References: 4

NVD
added 2025/08/22 7:15 p.m., 3 views

CVE-2024-48988

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package SpringBoot platform and does not involve Maven...

CVSS 7.6 | EPSS 0.00558
Exploits: 0 | References: 2

CNNVD
added 2025/08/22 12:00 a.m., 3 views

Apache StreamPark Security Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. A SQL injection vulnerability exists in Apache StreamPark versions 2.1.4 through 2.1.6 and earlier, which stems from the application's lack of validation of externally entered S...

CVSS 7.6 | AI score 8.2 | EPSS 0.00558
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 12:51 a.m., 4 views

CVE-2022-45802

Streampark allows any user to upload a jar as an application, but there is no mandatory verification of the uploaded file type, so users can upload some high-risk files and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later...

CVSS 9.8 | AI score 6.8 | EPSS 0.01308
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/14 11:45 a.m., 18 views

CVE-2024-29120

In Streampark version 2.1.4, when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc...

CVSS 5.9 | AI score 6.7 | EPSS 0.00282
Exploits: 0 | References: 1

CNVD
added 2024/07/25 12:00 a.m., 4 views

Apache StreamPark Insufficient Session Expiration Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. Apache StreamPark versions prior to 2.1.4 are affected by an insufficient session expiration vulnerability, which stems from the fact that the session is not expired after logging...

CVSS 9.1 | AI score 6.8 | EPSS 0.00788
Exploits: 0 | References: 1

OSV
added 2024/07/17 3:30 p.m., 9 views

GHSA-HCF8-5J78-887V Apache StreamPark: Information leakage vulnerability

In Streampark version 2.1.4, when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. ...

CVSS 5.9 | AI score 5.6 | EPSS 0.00282
Exploits: 0 | References: 4

OSV
added 2024/07/17 3:15 p.m., 3 views

CVE-2024-29120

In Streampark version 2.1.4, when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. ...

CVSS 5.9 | AI score 7.1
Exploits: 0 | References: 2

Github Security Blog
added 2024/07/17 9:30 a.m., 9 views

Apache StreamPark: Unchecked maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVSS 8.8 | AI score 7.5 | EPSS 0.01516
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2024/07/17 9:30 a.m., 10 views

Apache StreamPark: maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVSS 8.8 | AI score 7.5 | EPSS 0.01054
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2023/12/19 12:00 a.m., 5 views

Apache StreamPark SQL Injection Vulnerability (CNVD-2024-0217486)

Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. Apache StreamPark has a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit...

CVSS 4.9 | AI score 7.7 | EPSS 0.00852
Exploits: 0 | References: 1