Vulnerabilities > CVE-2022-45802 - Unspecified vulnerability in Apache Streampark

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

critical

NVD

Published: 2023-05-01

Updated: 2024-11-21

Summary

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Streampark 1.0.0 Apache Streampark 1.1.0 Apache Streampark 1.1.1 Apache Streampark 1.2.0 Apache Streampark 1.2.1 Apache Streampark 1.2.2 Apache Streampark 1.2.3	12

References

https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6
https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6