Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later






Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 21 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-10-21T15:10:45.155Z

Reserved: 2022-11-23T07:18:36.400Z

Link: CVE-2022-45802

cve-icon Vulnrichment

Updated: 2024-08-03T14:17:04.058Z

cve-icon NVD

Status : Modified

Published: 2023-05-01T15:15:08.943

Modified: 2024-11-21T07:29:44.770

Link: CVE-2022-45802

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.