Vulnerabilities > Apache > Streampark > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-34457 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Streampark On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 | 6.5 |
| 2024-07-17 | CVE-2023-52291 | Command Injection vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-29737 | Command Injection vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2023-12-15 | CVE-2023-30867 | SQL Injection vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1 In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. | 4.9 |
| 2023-05-01 | CVE-2022-45801 | Injection vulnerability in Apache Streampark Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. | 5.4 |