VYPR

StreamPark

by Apache

CVEs (6)

  • CVE-2024-29178 | High | Jul 18, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users…

  • CVE-2024-29070 | Critical | Jul 23, 2024
    risk 0.52 | cvss 9.1 | epss 0.01

    On versions before 2.1.4, the session is not invalidated after logout. When a user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. …

  • CVE-2024-29120 | Medium | Jul 17, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    In StreamPark (version < 2.1.4), when a user logged in successfully, the backend service would return "Authorization" as the front-end authentication credential. A user can use this credential to request other users' information, including the administrator's username, password,…

  • CVE-2024-34457 | Medium | Jul 22, 2024
    risk 0.35 | cvss 6.5 | epss 0.01

    On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view every user's Flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4.

  • CVE-2025-30001 | Oct 10, 2025
    risk 0.00 | cvss | epss 0.01

    Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.

  • CVE-2024-48988 | Aug 22, 2025
    risk 0.00 | cvss | epss 0.01

    SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and…