Vulnerability Details CVE-2022-45802
Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-45802
-
cpe:2.3:a:apache:streampark:1.0.0
-
cpe:2.3:a:apache:streampark:1.1.0
-
cpe:2.3:a:apache:streampark:1.1.1
-
cpe:2.3:a:apache:streampark:1.2.0
-
cpe:2.3:a:apache:streampark:1.2.1
-
cpe:2.3:a:apache:streampark:1.2.2
-
cpe:2.3:a:apache:streampark:1.2.3