apache streampark
17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-53960
>= 2.0.0 and < 2.1.7
When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS
5.9
MEDIUM
CVE-2025-54981
>= 2.0.0 and < 2.1.7
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting s
7.5
HIGH
CVE-2025-54947
>= 2.0.0 and < 2.1.7
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vul
9.8
CRITICAL
CVE-2025-30001
>= 2.1.4 and < 2.1.6
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 bef
7.3
HIGH
CVE-2024-48988
>= 2.1.4 and < 2.1.6
SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recom
7.6
HIGH
CVE-2024-29070
>= 1.0.0 and < 2.1.4
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service retu
9.1
CRITICAL
CVE-2024-34457
< 2.1.4
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization toke
6.5
MEDIUM
CVE-2024-29178
< 2.1.4
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the se
8.8
HIGH
CVE-2024-29120
>= 2.0.0 and < 2.1.4
In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front
5.9
MEDIUM
CVE-2024-29737
>= 2.0.0 and < 2.1.4
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allow
4.7
MEDIUM
CVE-2023-52291
>= 2.0.0 and < 2.1.4
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allow
4.7
MEDIUM
CVE-2023-52290
>= 2.0.0 and < 2.1.4
In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front
8.1
HIGH
CVE-2023-49898
>= 2.0.0 and < 2.1.2
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compila
7.2
HIGH
CVE-2023-30867
>= 2.0.0 and < 2.1.2
In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search
4.9
MEDIUM
CVE-2022-46365
>= 1.0.0 and < 2.0.0
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the
9.1
CRITICAL
CVE-2022-45802
< 2.0.0
Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, caus
9.8
CRITICAL
CVE-2022-45801
>= 1.0.0 and < 2.0.0
Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applic
5.4
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin