Описание
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability.
Mitigation:
all users should upgrade to 2.1.4
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.4 (исключая)
cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.12018
Средний
8.8 High
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 8.8
github
больше 1 года назад
Apache StreamPark: FreeMarker SSTI RCE Vulnerability
EPSS
Процентиль: 94%
0.12018
Средний
8.8 High
CVSS3
Дефекты
CWE-94