StreamPark Security Vulnerabilities - CVSS Score 9 - 10

CVE-2022-45802

StreamPark allows any user to upload a JAR as an application, but there is no mandatory verification of the uploaded file type, so users can upload high-risk files and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

9.8 CVSS

9.4 AI Score

0.005 EPSS

2023-05-01 03:15 PM

CVE-2022-46365

Apache StreamPark 1.0.0 before 2.0.0: when a user who has successfully logged in modifies their profile, the username is passed to the server layer as a parameter, but it is not verified whether that username belongs to the currently logged-in user or whether the user is legitimate. This will allow malicious attackers to s...

9.1 CVSS

9.1 AI Score

0.002 EPSS

2023-05-01 03:15 PM

CVE-2024-29070

On versions before 2.1.4, the session is not invalidated after logout. When a user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users shoul...

9.1 CVSS

6.7 AI Score

0.0004 EPSS

2024-07-23 09:15 AM