SQL Injection vulnerability in Apache StreamPark.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which fixes the issue.
This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.
It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication).
As a result, the associated risk is considered relatively low.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which fixes the issue.
This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.
It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication).
As a result, the associated risk is considered relatively low.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-89 | |
CPEs | cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* |
Sat, 23 Aug 2025 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache streampark |
|
Vendors & Products |
Apache
Apache streampark |
Fri, 22 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Fri, 22 Aug 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low. | |
Title | Apache StreamPark: SQL injection vulnerability | |
Weaknesses | CWE-564 | |
References |
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-08-22T18:47:04.200Z
Reserved: 2024-10-11T12:07:26.343Z
Link: CVE-2024-48988

Updated: 2025-08-22T18:46:54.474Z

Status : Analyzed
Published: 2025-08-22T19:15:38.217
Modified: 2025-08-26T19:18:01.360
Link: CVE-2024-48988

No data.

Updated: 2025-08-23T10:55:03Z