Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentApacheVULNRICHMENT:CVE-2023-52290
HistoryJul 16, 2024 - 7:37 a.m.

CVE-2023-52290 Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability

2024-07-1607:37:38
CWE-89
apache
github.com
6
apache streampark
sql injection
data leakage

AI Score

8

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON

In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn’t validated, there is a risk of SQL injection vulnerability.Β The attacker must successfully log into the system to launch an attack, which may cause data leakage. Since no data will be written, so this is a low-impact vulnerability.

Mitigation:

all users should upgrade to 2.1.4, Such parameters will be blocked.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache:streampark:2.0.0:-:*:*:*:*:*:*"
    ],
    "vendor": "apache",
    "product": "streampark",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.0",
        "lessThan": "2.1.4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

cvelist 1
cve 1
nvd 1
veracode 1
cvelist
cvelist
CVE-2023-52290 Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability
2024-07-16 07:37:38
cve
cve
CVE-2023-52290
2024-07-16 08:15:02
nvd
nvd
CVE-2023-52290
2024-07-16 08:15:02
veracode
veracode
SQL Injection
2024-07-17 06:21:48

AI Score

8

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON
Related for VULNRICHMENT:CVE-2023-52290
cvelist1cve1nvd1veracode1