漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability
Vulnerability Description
In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Apache StreamPark SQL注入漏洞
Vulnerability Description
Apache StreamPark是美国阿帕奇(Apache)基金会的一个流媒体应用程序开发框架。 Apache StreamPark 2.0.0版本至2.1.2之前版本存在安全漏洞,该漏洞源于存在SQL注入,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A