Veracode Vulnerability Database: VERACODE:48111
Jul 18, 2024 - 5:38 a.m.

Command Injection

2024-07-18 05:38:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
command injection
apache streampark
input parameter validation
system-level access
user login
user permissions

CVSS3: 4.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score: 7.3
Confidence: Low

EPSS: 0.005
Percentile: 76.8%

org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused by insufficient validation of input parameters, which allows attackers to insert commands. Exploitation requires system-level access via user login, which limits the risk: user permissions are controlled, and manual entry of dangerous commands by authorized users is an unlikely scenario.
