Home > Vulnerability Database > CVE-2022-45802

Mend.io Vulnerability Database

CVE-2022-45802

Good to know:

Date: May 1, 2023

Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later

Language: SCALA

Severity Score

9.8

Related Resources (5)

Url: https://github.com/apache/incubator-streampark

Url: https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6

Url: https://github.com/apache/incubator-streampark/commit/0c87c6d8cf39ef2c31c1dea1a7df23d76f5e1236

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-45802

Url: https://www.mend.io/vulnerability-database/CVE-2022-45802

Severity Score

9.8

Weakness Type (CWE)

Path Traversal

CWE-22

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

Upgrade to version org.apache.streampark:streampark-common:2.0.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-45802

Good to know:

Date: May 1, 2023

Language: SCALA

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?