CVE-2022-45801

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-45801

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45801.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-45801

Aliases

GHSA-pjfj-qvqw-3f6v

Published

2023-05-01T15:15:08Z

Modified

2024-09-02T21:36:41Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with ldap, and the user name and password login will not be affected, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

References

https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9

Affected packages

Git / github.com/apache/incubator-streampark

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-streampark
Events: Introduced

46037f303e19903048f8de1d4edc636fae8e206b

Fixed

6788ebae61d2f6d5122572229ce0a3a2555cc46d