
exploitDog

GHSA-749j-2hp6-8cxm

Published: Dec 12, 2025
Source: github
Github: Reviewed
CVSS4: 8.7

Description

Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark: the use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data.

This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.

Users are recommended to upgrade to version 2.1.7, which fixes the issue.
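
An added example (not StreamPark's code and not part of the advisory) of the weakness class described above, next to a hardened form. The class and method names are hypothetical, and because the advisory does not say where the weak generator was used, the example assumes it produced the key.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public class EcbVsGcmDemo {
    // Weak pattern (CWE-327): key bytes from a seedable PRNG, AES in ECB mode.
    static byte[] weakEncrypt(byte[] plaintext, long seed) throws Exception {
        byte[] key = new byte[16];
        new Random(seed).nextBytes(key);             // predictable: same seed, same key
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        return c.doFinal(plaintext);
    }

    // Hardened pattern: CSPRNG key, AES-GCM with a fresh 96-bit nonce per message.
    static byte[] strongEncrypt(byte[] plaintext, SecretKey key) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;                                   // nonce || ciphertext || tag
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two identical 16-byte blocks standing in for repeated token content.
        byte[] msg = "user=admin;role=user=admin;role=".getBytes(StandardCharsets.US_ASCII);
        byte[] weak = weakEncrypt(msg, 42L);
        boolean blocksRepeat = Arrays.equals(Arrays.copyOfRange(weak, 0, 16),
                                             Arrays.copyOfRange(weak, 16, 32));
        boolean deterministic = Arrays.equals(weak, weakEncrypt(msg, 42L));
        System.out.println("ECB: equal plaintext blocks give equal ciphertext blocks: " + blocksRepeat);
        System.out.println("ECB + seeded Random: ciphertext reproducible: " + deterministic);

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, new SecureRandom());
        SecretKey key = kg.generateKey();
        boolean gcmDiffers = !Arrays.equals(strongEncrypt(msg, key), strongEncrypt(msg, key));
        System.out.println("GCM: same plaintext encrypts differently each time: " + gcmDiffers);
    }
}
```

When auditing a Java code base for this weakness class, search for `Cipher.getInstance("AES")` with no mode given as well as explicit `AES/ECB`, since the default JDK provider resolves the bare `AES` transformation to ECB.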

Packages

Name: org.apache.streampark:streampark (maven)
Affected versions: >= 2.0.0, < 2.1.7
Fixed version: 2.1.7

EPSS

Percentile: 4%
0.0002
Low

8.7 High

CVSS4

Weaknesses

CWE-327

Related vulnerabilities

CVSS3: 7.5
nvd
about 2 months ago

Weak Encryption Algorithm in StreamPark: the use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.
