Vulnerabilities > Apache > Streampipes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-17 | CVE-2024-31411 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Streampipes Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | 8.8 |
| 2024-07-17 | CVE-2024-30471 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Streampipes Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | 3.7 |
| 2024-07-17 | CVE-2024-31979 | Server-Side Request Forgery (SSRF) vulnerability in Apache Streampipes Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. | 4.3 |
| 2023-06-23 | CVE-2023-31469 | Improper Privilege Management vulnerability in Apache Streampipes A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. | 8.8 |