Unofficial: Remote Code Execution Vulnerability identified in [Unnamed] Templates

CVE-2024-29178

8.8HIGH

Key Information

Vendor: Apache
Status: Apache Streampark
Vendor: CVE Published:; 18 July 2024

Summary

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4

Affected Version(s)

Apache StreamPark < 2.1.4

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 18, 2024
Vulnerability Reserved.
Mar 18, 2024

Collectors

NVD DatabaseMitre Database

Credit

L0ne1y