3 matches found
CVE-2022-45801
Apache StreamPark 1.0.0 to 2.0.0 have an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniq...
CVE-2024-29070
On versions before 2.1.4, the session is not invalidated after logout. When the user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users shoul...
CVE-2022-46365
Apache StreamPark 1.0.0 before 2.0.0: when the user successfully logs in and modifies his profile, the username is passed to the server layer as a parameter, but it is not verified whether the username is the currently logged-in user and whether the user is legal. This will allow malicious attackers to s...