org.apache.streampark:streampark (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.streampark:streampark, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2025-54947 — CVSS 9.8 (critical): In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This…
CVE-2022-46365 — CVSS 9.1 (critical): Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the…
CVE-2024-29178 — CVSS 8.8 (high): On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The…
CVE-2025-54981 — CVSS 7.5 (high): Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive…
CVE-2025-30001 — CVSS 7.3 (high): Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6…
CVE-2023-49898 — CVSS 7.2 (high): In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation…
CVE-2024-29120 — CVSS 5.9 (medium): In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end…
CVE-2025-53960 — CVSS 5.9 (medium): When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256…
CVE-2022-45801 — CVSS 5.4 (medium): Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications…
CVE-2023-30867 — CVSS 4.9 (medium): In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as…
CVE-2024-29737 — CVSS 4.7 (medium): In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing…
CVE-2023-52291 — CVSS 4.7 (medium): In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing…