[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory
From: Huajie Wang <benjobs () apache ! org>
Date: 2023-04-20 16:09:07
Message-ID: CAKYehMa_Fdx---OGfL6DK0Jdm1O67Y6VG0jfN1ukPf6zoDLRgg () mail ! gmail ! com
[Download RAW message or body]
Apache StreamPark (incubating): Upload any file to any directory
Severity: low
Versions Affected:
Apache StreamPark 1.0.0 before 2.0.0
Description:
Streampark allows any users to upload a jar as application, but there
is no mandatory verification of the uploaded file type, causing users
to upload some risky files, and may upload them to any directory,
Users of the affected versions should upgrade to Apache StreamPark
2.0.0 or later
Mitigation:
Users of the affected versions should apply one of the following
- Upgrade to Apache StreamPark 2.0.0 or later
References:
https://streampark.incubator.apache.orghttps://www.cve.org/CVERecord?id=CVE-2022-45802
Best,
Huajie Wang
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic