CVE-2022-45802

CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory

Vendor Apache Software Foundation

Product Apache StreamPark (incubating)

Weakness CWE-434 · Unrestricted file upload

Published May 1, 2023

Last update October 21, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later

Key dates

Disclosure timeline

May 1, 2023 CVE published

October 21, 2024 Record updated