Vulnerabilities > Apache > Streampark > 2.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-34457 | Unspecified vulnerability in Apache Streampark On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 | 6.5 |
| 2024-07-18 | CVE-2024-29178 | Unspecified vulnerability in Apache Streampark On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 | 8.8 |
| 2024-07-17 | CVE-2023-52291 | Unspecified vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-29737 | Unspecified vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |