3 matches found
CVE-2024-34457
CVE-2024-34457 affects Apache StreamPark versions prior to 2.1.4. After a regular user logs in, an attacker can manually issue a request with a valid authorization token to view all users’ flink information, including sensitive fields like executeSQL and config . Root cause described as a privile...
CVE-2022-45802
CVE-2022-45802 (Apache StreamPark) : The vulnerability stems from a lack of mandatory verification of uploaded files when users submit jars as applications, which can permit uploading high-risk files and potentially placing them in arbitrary directories. This aligns with reported path traversal c...
CVE-2024-29178
Apache StreamPark before version 2.1.4 is affected by a FreeMarker SSTI vulnerability that an authenticated user can exploit to achieve Remote Code Execution on the server. Root cause: template injection via FreeMarker in the application, with high impact (CVE-2024-29178). Remediation: upgrade to...