Severity: low
Affected versions:
- Apache StreamPark 2.1.4 before 2.1.6
Description:
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which fixes the
Severity: low
Affected versions:
- Apache StreamPark 2.1.4 before 2.1.6
Description:
SQL Injection vulnerability in Apache StreamPark.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which fixes the issue.
This vulnerability
Severity: moderate
Affected versions:
- Apache StreamPark 1.0.0 before 2.1.4
Description:
On versions before 2.1.4, the session is not invalidated after logout. When a
user logs in successfully, the backend service returns "Authorization" as the
front-end authentication credential. "Authoriza
Severity: moderate
Affected versions:
- Apache StreamPark 1.0.0 before 2.1.4
Description:
On versions before 2.1.4, after a regular user successfully logs in, they can
manually make a request using the authorization token to view everyone's user
flink information, including executeSQL and con
Severity: moderate
Affected versions:
- Apache StreamPark 1.0.0 before 2.1.4
Description:
On versions before 2.1.4, a user could log in and perform a template injection
attack resulting in Remote Code Execution on the server. The attacker must
successfully log into the system to launch an att
Severity: important
Affected versions:
- Apache StreamPark 2.0.0 before 2.1.4
Description:
In StreamPark (version < 2.1.4), when a user logged in successfully, the
backend service would return "Authorization" as the front-end authentication
credential. A user can use this credential to request
Severity: low
Affected versions:
- Apache StreamPark (incubating) 2.0.0 before 2.1.4
Description:
In StreamPark, the project module integrates Maven's compilation capabilities.
The input parameter validation is not strict, allowing attackers to insert
commands for remote command execution. Th
Severity: low
Affected versions:
- Apache StreamPark (incubating) 2.0.0 before 2.1.4
Description:
In StreamPark, the project module integrates Maven's compilation capabilities.
The input parameter validation is not strict, allowing attackers to insert
commands for remote command execution. Th
Severity: low
Affected versions:
- Apache StreamPark (incubating) 2.0.0 before 2.1.4
Description:
In streampark-console, on the list pages (e.g., application pages), users can sort
the page by field. This sort field is sent from the front-end to the back-end, and
the SQL query is generated using this f