Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type. This means users may upload some high-risk files, and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.
{ "github_reviewed": true, "cwe_ids": [ "CWE-22", "CWE-434" ], "github_reviewed_at": "2023-07-06T23:01:29Z", "nvd_published_at": "2023-05-01T15:15:08Z", "severity": "CRITICAL" }