oss-sec mailing list archives
CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory
From: Huajie Wang <benjobs () apache org>
Date: Fri, 21 Apr 2023 00:09:07 +0800
Apache StreamPark (incubating): Upload any file to any directory Severity: low Versions Affected: Apache StreamPark 1.0.0 before 2.0.0 Description: Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some risky files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later Mitigation: Users of the affected versions should apply one of the following - Upgrade to Apache StreamPark 2.0.0 or later References: https://streampark.incubator.apache.orghttps://www.cve.org/CVERecord?id=CVE-2022-45802 Best, Huajie Wang
Current thread:
- CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory Huajie Wang (Apr 20)