Apache StreamPark Tackles Security Flaws: Critical Vulnerability Patched, Others Deemed Low Risk

Apache StreamPark, the popular streaming application development framework, has released a security advisory addressing multiple vulnerabilities, urging users to upgrade to version 2.1.4 for enhanced protection.

A critical vulnerability, identified as CVE-2024-29120, has been patched, resolving an information leakage issue. Previously, successful logins could expose the “Authorization” credential, potentially allowing unauthorized access to sensitive user data, including administrator credentials.

Two vulnerabilities labeled as “low” severity, CVE-2024-29737 and CVE-2023-52291, involved potential remote command execution through unchecked Maven build parameters. However, successful exploitation required user login and system-level permissions, making these vulnerabilities less likely to be exploited in real-world scenarios.

Another low-risk vulnerability, CVE-2023-52290, involved the potential for SQL injection through unchecked sort fields on list pages. While this could lead to data leakage, it required a successful login and would not allow data modification.

Despite the low-risk nature of some vulnerabilities, Apache StreamPark’s proactive approach in addressing all reported issues highlights the project’s commitment to security. Users are strongly encouraged to upgrade to version 2.1.4, which includes fixes for all identified vulnerabilities.

For further information and to download the latest version of Apache StreamPark, users can visit the project’s official website or GitHub repository.