Vulnerabilities > Apache > Streampark > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-34457 Unspecified vulnerability in Apache Streampark
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4
network
low complexity
apache
6.5
2024-07-17 CVE-2023-52291 Unspecified vulnerability in Apache Streampark
In streampark, the project module integrates Maven's compilation capabilities.
network
low complexity
apache
4.7
2024-07-17 CVE-2024-29737 Unspecified vulnerability in Apache Streampark
In streampark, the project module integrates Maven's compilation capabilities.
network
low complexity
apache
4.7
2023-12-15 CVE-2023-30867 SQL Injection vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1
In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc.
network
low complexity
apache CWE-89
4.9
2023-05-01 CVE-2022-45801 Unspecified vulnerability in Apache Streampark
Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input.
network
low complexity
apache
5.4