SQL Injection vulnerability in Apache StreamPark.

This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.

Users are recommended to upgrade to version 2.1.6, which fixes the issue.


This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.
It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication).
As a result, the associated risk is considered relatively low.
History

Tue, 26 Aug 2025 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
CPEs cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*

Sat, 23 Aug 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache streampark
Vendors & Products Apache
Apache streampark

Fri, 22 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 Aug 2025 18:30:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low.
Title Apache StreamPark: SQL injection vulnerability
Weaknesses CWE-564
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-08-22T18:47:04.200Z

Reserved: 2024-10-11T12:07:26.343Z

Link: CVE-2024-48988

cve-icon Vulnrichment

Updated: 2025-08-22T18:46:54.474Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-22T19:15:38.217

Modified: 2025-08-26T19:18:01.360

Link: CVE-2024-48988

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-23T10:55:03Z