Security
Headlines

Headlines Latest CVEs

Headline

GHSA-m5h8-2pjw-vg3j: Apache StreamPark Improper Input Validation vulnerability

Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

1 year ago

#vulnerability #apache #git

Apache StreamPark Improper Input Validation vulnerability

Critical severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Related news

Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

1 year ago

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager

15 hours ago

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

16 hours ago

GHSA-5cph-wvm9-45gj: Flowise OverrideConfig security vulnerability

16 hours ago

GHSA-hj3w-wrh4-44vp: LLama Factory Remote OS Command Injection Vulnerability

16 hours ago

GHSA-jh6x-7xfg-9cq2: Searching Opencast may cause a denial of service

1 day ago