VYPR
Critical severityNVD Advisory· Published May 1, 2023· Updated Oct 21, 2024

Apache StreamPark (incubating): Upload any file to any directory

CVE-2022-45802

Description

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.streampark:streampark-common_2.12Maven
< 2.0.02.0.0
org.apache.streampark:streampark-common_2.11Maven
< 2.0.02.0.0

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.