CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45801 – Apache StreamPark (incubating): LDAP Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-45801
01 May 2023 — Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user l... • https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2022-45802 – Apache StreamPark (incubating): Upload any file to any directory
https://notcve.org/view.php?id=CVE-2022-45802
01 May 2023 — Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of t... • https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6 • CWE-434: Unrestricted Upload of File with Dangerous Type •