Veracode Vulnerability Database | VERACODE:48135
History: Jul 19, 2024 - 9:08 a.m.

Remote Code Execution (RCE)

2024-07-19 09:08:18
sca.analysiscenter.veracode.com
Tags: remote code execution, apache streampipes, file upload restriction

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.6
Confidence: High

EPSS: 0.001
Percentile: 39.9%

Apache StreamPipes is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the lack of restrictions on the types of files that authenticated and authorized users can upload, which allows an attacker to execute malicious code on the server.
