org.apache.streampark:streampark 2.1.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.streampark:streampark package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Arbitrary Code Injection Affected versions of this package are vulnerable to Arbitrary Code Injection via the template processing mechanism. An attacker can execute arbitrary code on the server by injecting malicious templates after successfully logging into the system. How to fix Arbitrary Code Injection? Upgrade `org.apache.streampark:streampark` to version 2.1.4 or higher.	[,2.1.4)
M Arbitrary Command Injection Affected versions of this package are vulnerable to Arbitrary Command Injection due to insufficient validation of input parameters in the `maven` build process. An attacker can execute arbitrary commands by injecting malicious input into the build parameters. Note: This is only exploitable if the user has system-level permissions. How to fix Arbitrary Command Injection? Upgrade `org.apache.streampark:streampark` to version 2.1.4 or higher.	[,2.1.4)
M Arbitrary Command Injection Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper validation of parameter input. An attacker can execute arbitrary commands by injecting malicious input into the build parameters. Note: This is only exploitable if the user has system-level permissions. How to fix Arbitrary Command Injection? Upgrade `org.apache.streampark:streampark` to version 2.1.4 or higher.	[,2.1.4)
M Insufficient Session Expiration Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management. An attacker can maintain access and perform unauthorized actions by using the `Authorization` token even after the user has logged out. How to fix Insufficient Session Expiration? A fix was pushed into the `master` branch but not yet published.	[0,)
L SQL Injection Affected versions of this package are vulnerable to SQL Injection through the `sort` field in the list pages. An attacker can manipulate the SQL queries and potentially access or manipulate data by injecting SQL commands. How to fix SQL Injection? Upgrade `org.apache.streampark:streampark` to version 2.1.4 or higher.	[2.0.0,2.1.4)
M Improper Neutralization of Special Elements used in a Command ('Command Injection') Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in a Command ('Command Injection') due to insufficient validation of user-supplied input in the Maven compilation parameters. An attacker can execute arbitrary commands on the system by injecting malicious input into the build process. This is only exploitable if the attacker has logged in to the system with system-level permissions. How to fix Improper Neutralization of Special Elements used in a Command ('Command Injection')? Upgrade `org.apache.streampark:streampark` to version 2.1.2 or higher.	[2.0.0,2.1.2)
M SQL Injection Affected versions of this package are vulnerable to SQL Injection. An attacker can cause information leakage by supplying malicious parameters to the `jobName` field. How to fix SQL Injection? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Arbitrary Code Injection

Affected versions of this package are vulnerable to Arbitrary Code Injection via the template processing mechanism. An attacker can execute arbitrary code on the server by injecting malicious templates after successfully logging into the system.

How to fix Arbitrary Code Injection?

Upgrade org.apache.streampark:streampark to version 2.1.4 or higher.

[,2.1.4)

Arbitrary Command Injection

Affected versions of this package are vulnerable to Arbitrary Command Injection due to insufficient validation of input parameters in the maven build process. An attacker can execute arbitrary commands by injecting malicious input into the build parameters.

Note:

This is only exploitable if the user has system-level permissions.

How to fix Arbitrary Command Injection?

Upgrade org.apache.streampark:streampark to version 2.1.4 or higher.

[,2.1.4)

Arbitrary Command Injection

Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper validation of parameter input. An attacker can execute arbitrary commands by injecting malicious input into the build parameters.

Note:

This is only exploitable if the user has system-level permissions.

How to fix Arbitrary Command Injection?

Upgrade org.apache.streampark:streampark to version 2.1.4 or higher.

[,2.1.4)

Insufficient Session Expiration

Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management. An attacker can maintain access and perform unauthorized actions by using the Authorization token even after the user has logged out.

How to fix Insufficient Session Expiration?

A fix was pushed into the master branch but not yet published.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection through the sort field in the list pages. An attacker can manipulate the SQL queries and potentially access or manipulate data by injecting SQL commands.

How to fix SQL Injection?

Upgrade org.apache.streampark:streampark to version 2.1.4 or higher.

[2.0.0,2.1.4)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in a Command ('Command Injection') due to insufficient validation of user-supplied input in the Maven compilation parameters. An attacker can execute arbitrary commands on the system by injecting malicious input into the build process. This is only exploitable if the attacker has logged in to the system with system-level permissions.

How to fix Improper Neutralization of Special Elements used in a Command ('Command Injection')?

Upgrade org.apache.streampark:streampark to version 2.1.2 or higher.

[2.0.0,2.1.2)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection. An attacker can cause information leakage by supplying malicious parameters to the jobName field.

How to fix SQL Injection?

A fix was pushed into the master branch but not yet published.

[0,)

org.apache.streampark:streampark@2.1.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?