Apache Streampark

17 CVEs affecting Apache Streampark. Latest disclosed: 2025-12-12. Critical: 4, High: 6.

Top CVEs affecting Apache Streampark

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-54947 | Critical | 9.8 | 2025-12-12 | In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the… |
| CVE-2022-45802 | Critical | 9.8 | 2023-05-01 | Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high… |
| CVE-2024-29070 | Critical | 9.1 | 2024-07-23 | On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the fro… |
| CVE-2022-46365 | Critical | 9.1 | 2023-05-01 | Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter… |
| CVE-2024-29178 | High | 8.8 | 2024-07-18 | On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must succe… |
| CVE-2023-52290 | High | 8.1 | 2024-07-16 | In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the… |
| CVE-2024-48988 | High | 7.6 | 2025-08-22 | SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version… |
| CVE-2025-54981 | High | 7.5 | 2025-12-12 | Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT t… |
| CVE-2025-30001 | High | 7.3 | 2025-10-10 | Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recomme… |
| CVE-2023-49898 | High | 7.2 | 2023-12-15 | In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. all… |
| CVE-2024-34457 | Medium | 6.5 | 2024-07-22 | On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user fli… |
| CVE-2025-53960 | Medium | 5.9 | 2025-12-12 | When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker c… |
| CVE-2024-29120 | Medium | 5.9 | 2024-07-17 | In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credentia… |
| CVE-2022-45801 | Medium | 5.4 | 2023-05-01 | Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP st… |
| CVE-2023-30867 | Medium | 4.9 | 2023-12-15 | In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role nam… |
| CVE-2024-29737 | Medium | 4.7 | 2024-07-17 | In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert comma… |
| CVE-2023-52291 | Medium | 4.7 | 2024-07-17 | In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert comma… |