Skip to main content

Streampark

8 CVEs product

Monthly

CVE-2024-48988 HIGH This Month

SQL Injection vulnerability in Apache StreamPark.1.4 before 2.1.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Streampark
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2024-29070 CRITICAL Act Now

On versions before 2.1.4, session is not invalidated after logout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streampark
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-34457 MEDIUM This Month

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Streampark
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-29178 Maven HIGH PATCH This Week

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Streampark
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-29120 Maven MEDIUM PATCH This Month

In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streampark
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-29737 Maven MEDIUM PATCH This Month

In streampark, the project module integrates Maven's compilation capabilities. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Streampark
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2023-49898 Maven HIGH PATCH This Week

In streampark, there is a project module that integrates Maven's compilation capability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Streampark
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2023-30867 Maven MEDIUM PATCH This Month

In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Streampark
NVD
CVSS 3.1
4.9
EPSS
0.9%
EPSS 0% CVSS 7.6
HIGH This Month

SQL Injection vulnerability in Apache StreamPark.1.4 before 2.1.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Streampark
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

On versions before 2.1.4, session is not invalidated after logout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streampark
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Streampark
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Streampark
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streampark
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

In streampark, the project module integrates Maven's compilation capabilities. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Streampark
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

In streampark, there is a project module that integrates Maven's compilation capability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Streampark
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Streampark
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy