Vulnerabilities > Apache > Streampark > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-18 | CVE-2024-29178 | Code Injection vulnerability in Apache Streampark On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 | 8.8 |
| 2023-12-15 | CVE-2023-49898 | Command Injection vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1 In streampark, there is a project module that integrates Maven's compilation capability. | 7.2 |