Lucene search

Veracode Vulnerability DatabaseVERACODE:48123

HistoryJul 19, 2024 - 4:53 a.m.

Template Injection

2024-07-1904:53:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

apache streampark

template injection

input validation

arbitrary code

server security

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

0.002

Percentile

57.1%

JSON

Apache StreamPark is vulnerable to template injection. The vulnerability is due to insufficient input validation that allows attacker to perform a template injection that potentially leads to execution of arbitrary code on server.

References

www.openwall.com/lists/oss-security/2024/07/18/1

github.com/apache/incubator-streampark/commit/9a0295147501ce690975c4fb9628aeb2b11c8ced

github.com/apache/incubator-streampark/pull/3661

lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

0.002

Percentile

57.1%

JSON

Related for VERACODE:48123