=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN545
_____________________________________________________________________

DATE                : 25/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache StreamPark versions prior
                     to 2.1.6.

=====================================================================
https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s
_____________________________________________________________________

CVE-2024-48988: Apache StreamPark: SQL injection vulnerability
Severity: low 

Affected versions:

- Apache StreamPark 2.1.4 before 2.1.6

Description:

SQL Injection vulnerability in Apache StreamPark.

This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.

Users are recommended to upgrade to version 2.1.6, which fixes the
issue.


This vulnerability is present only in the distribution package
(SpringBoot platform) and does not involve Maven artifacts.
It can only be exploited after a user has successfully logged into the
platform (implying that the attacker would first need to compromise
the login authentication). 

As a result, the associated risk is considered relatively low.


Credit:

Xingchen Chen, Ze Jin, wh1t3p1g, yhbl, Qixu Liu  Institute of Information
Engineering, CAS (reporter)


References:

https://streampark.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-48988


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
