Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-vv8h-m63v-53pq

Опубликовано: 18 июл. 2024
Источник: github
Github: Прошло ревью
CVSS3: 8.8

Описание

Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability.

Mitigation:

all users should upgrade to 2.1.4

Ссылки

Пакеты

Наименование

org.apache.streampark:streampark

maven
Затронутые версииВерсия исправления

< 2.1.4

2.1.4

EPSS

Процентиль: 94%
0.12018
Средний

8.8 High

CVSS3

CVE ID

CVE-2024-29178

Дефекты

CWE-94

Связанные уязвимости

nvd логотип

CVE-2024-29178

CVSS3: 8.8
nvd
больше 1 года назад

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4

EPSS

Процентиль: 94%
0.12018
Средний

8.8 High

CVSS3

CVE ID

CVE-2024-29178

Дефекты

CWE-94