VYPR
Moderate severityNVD Advisory· Published Dec 15, 2023· Updated Aug 2, 2024

Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability

CVE-2023-30867

Description

In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage.

Mitigation:

Users are recommended to upgrade to version 2.1.2, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.streampark:streamparkMaven
>= 2.0.0, < 2.1.22.1.2

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.