cvelistv5 - cve-2024-48988

CVE-2024-48988 (GCVE-0-2024-48988)

Vulnerability from cvelistv5 – Published: 2025-08-22 18:24 – Updated: 2025-11-04 21:09

Summary

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low.

Severity ?

No CVSS data available.

CWE

CWE-564 - SQL Injection

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/26ng8388l93zwjrst…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache StreamPark	Affected: 2.1.4 , < 2.1.6 (semver)

Credits

Xingchen Chen, Ze Jin, wh1t3p1g, yhbl, Qixu Liu Institute of Information Engineering, CAS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-48988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-22T18:46:36.076690Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-22T18:47:04.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:09:00.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache StreamPark",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.1.6",
              "status": "affected",
              "version": "2.1.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Xingchen Chen, Ze Jin, wh1t3p1g, yhbl, Qixu Liu  Institute of Information Engineering, CAS"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSQL Injection vulnerability in Apache StreamPark.\u003c/p\u003e\u003cp\u003eThis issue affects Apache StreamPark: from 2.1.4 before 2.1.6.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.1.6, which fixes the issue.\u003c/p\u003e\u003cbr\u003eThis vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.\u003cbr\u003eIt can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). \u003cbr\u003eAs a result, the associated risk is considered relatively low.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "SQL Injection vulnerability in Apache StreamPark.\n\nThis issue affects Apache StreamPark: from 2.1.4 before 2.1.6.\n\nUsers are recommended to upgrade to version 2.1.6, which fixes the issue.\n\n\nThis vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.\nIt can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). \nAs a result, the associated risk is considered relatively low."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-564",
              "description": "CWE-564 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T18:24:22.144Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache StreamPark: SQL injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-48988",
    "datePublished": "2025-08-22T18:24:22.144Z",
    "dateReserved": "2024-10-11T12:07:26.343Z",
    "dateUpdated": "2025-11-04T21:09:00.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-48988\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-08-22T19:15:38.217\",\"lastModified\":\"2025-11-04T22:16:04.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL Injection vulnerability in Apache StreamPark.\\n\\nThis issue affects Apache StreamPark: from 2.1.4 before 2.1.6.\\n\\nUsers are recommended to upgrade to version 2.1.6, which fixes the issue.\\n\\n\\nThis vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.\\nIt can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). \\nAs a result, the associated risk is considered relatively low.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en Apache StreamPark. Este problema afecta a Apache StreamPark desde la versi\u00f3n 2.1.4 hasta la 2.1.6. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.6, que soluciona el problema. Esta vulnerabilidad solo est\u00e1 presente en el paquete de distribuci\u00f3n (plataforma SpringBoot) y no afecta a los artefactos Maven. Solo se puede explotar despu\u00e9s de que un usuario haya iniciado sesi\u00f3n correctamente en la plataforma (lo que implica que el atacante primero tendr\u00eda que comprometer la autenticaci\u00f3n de inicio de sesi\u00f3n). Por lo tanto, el riesgo asociado se considera relativamente bajo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-564\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.4\",\"versionEndExcluding\":\"2.1.6\",\"matchCriteriaId\":\"E57C4042-F0B2-4C1B-8C3D-F627FF656819\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/22/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:09:00.563Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-48988\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-22T18:46:36.076690Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-22T18:46:54.474Z\"}}], \"cna\": {\"title\": \"Apache StreamPark: SQL injection vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Xingchen Chen, Ze Jin, wh1t3p1g, yhbl, Qixu Liu  Institute of Information Engineering, CAS\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache StreamPark\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.1.4\", \"lessThan\": \"2.1.6\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SQL Injection vulnerability in Apache StreamPark.\\n\\nThis issue affects Apache StreamPark: from 2.1.4 before 2.1.6.\\n\\nUsers are recommended to upgrade to version 2.1.6, which fixes the issue.\\n\\n\\nThis vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.\\nIt can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). \\nAs a result, the associated risk is considered relatively low.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSQL Injection vulnerability in Apache StreamPark.\u003c/p\u003e\u003cp\u003eThis issue affects Apache StreamPark: from 2.1.4 before 2.1.6.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.1.6, which fixes the issue.\u003c/p\u003e\u003cbr\u003eThis vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.\u003cbr\u003eIt can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). \u003cbr\u003eAs a result, the associated risk is considered relatively low.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-564\", \"description\": \"CWE-564 SQL Injection\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-08-22T18:24:22.144Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-48988\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:09:00.563Z\", \"dateReserved\": \"2024-10-11T12:07:26.343Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-08-22T18:24:22.144Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-6WPF-Q5X2-66FC

Vulnerability from github – Published: 2025-08-22 21:31 – Updated: 2025-11-05 00:31

Details

SQL Injection vulnerability in Apache StreamPark.

This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.

Users are recommended to upgrade to version 2.1.6, which fixes the issue.

This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low.

Severity ?

7.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-48988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-564",
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T19:15:38Z",
    "severity": "HIGH"
  },
  "details": "SQL Injection vulnerability in Apache StreamPark.\n\nThis issue affects Apache StreamPark: from 2.1.4 before 2.1.6.\n\nUsers are recommended to upgrade to version 2.1.6, which fixes the issue.\n\n\nThis vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.\nIt can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). \nAs a result, the associated risk is considered relatively low.",
  "id": "GHSA-6wpf-q5x2-66fc",
  "modified": "2025-11-05T00:31:25Z",
  "published": "2025-08-22T21:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48988"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/08/22/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-48988

Vulnerability from fkie_nvd - Published: 2025-08-22 19:15 - Updated: 2025-11-04 22:16

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Summary

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s	Mailing List
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/08/22/1

Impacted products

	Vendor	Product	Version
	apache	streampark	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E57C4042-F0B2-4C1B-8C3D-F627FF656819",
              "versionEndExcluding": "2.1.6",
              "versionStartIncluding": "2.1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL Injection vulnerability in Apache StreamPark.\n\nThis issue affects Apache StreamPark: from 2.1.4 before 2.1.6.\n\nUsers are recommended to upgrade to version 2.1.6, which fixes the issue.\n\n\nThis vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts.\nIt can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). \nAs a result, the associated risk is considered relatively low."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Apache StreamPark. Este problema afecta a Apache StreamPark desde la versi\u00f3n 2.1.4 hasta la 2.1.6. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.6, que soluciona el problema. Esta vulnerabilidad solo est\u00e1 presente en el paquete de distribuci\u00f3n (plataforma SpringBoot) y no afecta a los artefactos Maven. Solo se puede explotar despu\u00e9s de que un usuario haya iniciado sesi\u00f3n correctamente en la plataforma (lo que implica que el atacante primero tendr\u00eda que comprometer la autenticaci\u00f3n de inicio de sesi\u00f3n). Por lo tanto, el riesgo asociado se considera relativamente bajo."
    }
  ],
  "id": "CVE-2024-48988",
  "lastModified": "2025-11-04T22:16:04.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-22T19:15:38.217",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2025/08/22/1"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-564"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2025-20869

Vulnerability from cnvd - Published: 2025-09-09

Title

Apache StreamPark SQL注入漏洞

Description

Apache StreamPark是美国阿帕奇（Apache）基金会的一个流媒体应用程序开发框架。 Apache StreamPark 2.1.4版本至2.1.6之前版本存在SQL注入漏洞，该漏洞源于应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令窃取数据库敏感数据。

Severity

高

Patch Name

Apache StreamPark SQL注入漏洞的补丁

Patch Description

Apache StreamPark是美国阿帕奇（Apache）基金会的一个流媒体应用程序开发框架。 Apache StreamPark 2.1.4版本至2.1.6之前版本存在SQL注入漏洞，该漏洞源于应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令窃取数据库敏感数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://streampark.apache.org/download/

Reference

https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s

Impacted products

Name
Apache StreamPark >=2.1.4，<2.1.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-48988",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-48988"
    }
  },
  "description": "Apache StreamPark\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u6d41\u5a92\u4f53\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u6846\u67b6\u3002\n\nApache StreamPark 2.1.4\u7248\u672c\u81f32.1.6\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u7a83\u53d6\u6570\u636e\u5e93\u654f\u611f\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://streampark.apache.org/download/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-20869",
  "openTime": "2025-09-09",
  "patchDescription": "Apache StreamPark\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u6d41\u5a92\u4f53\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u6846\u67b6\u3002\r\n\r\nApache StreamPark 2.1.4\u7248\u672c\u81f32.1.6\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u7a83\u53d6\u6570\u636e\u5e93\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache StreamPark SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache StreamPark \u003e=2.1.4\uff0c\u003c2.1.6"
  },
  "referenceLink": "https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s",
  "serverity": "\u9ad8",
  "submitTime": "2025-08-26",
  "title": "Apache StreamPark SQL\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-48988 (GCVE-0-2024-48988)

GHSA-6WPF-Q5X2-66FC

FKIE_CVE-2024-48988

CNVD-2025-20869

Tags

Sightings

Nomenclature