Platform
java
Component
org.apache.streampark:streampark
Opgelost in
2.1.4
2.1.4
CVE-2024-29178 describes a Remote Code Execution (RCE) vulnerability affecting Apache StreamPark versions up to 2.1.0. This flaw allows an authenticated attacker to inject malicious templates, potentially leading to arbitrary code execution on the server. Successful login is required to exploit this vulnerability, classifying it as a moderate-impact risk. Affected users should upgrade to version 2.1.4 to address this security concern.
The primary impact of CVE-2024-29178 is the potential for remote code execution. An attacker who can successfully log into the Apache StreamPark system can leverage template injection to execute arbitrary commands on the server. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attacker could also establish a persistent foothold within the environment, enabling further malicious activities. While login is required, the potential for significant damage makes this a serious vulnerability, particularly in environments where user authentication is not adequately secured.
CVE-2024-29178 was publicly disclosed on 2024-07-18. The vulnerability's exploitation context is currently unclear, with no reports of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept (PoC) code is not yet widely available, but the ease of template injection suggests that it may be developed in the near future. Monitor security advisories and threat intelligence feeds for updates.
Organizations using Apache StreamPark in production environments, particularly those with less stringent authentication controls or legacy configurations, are at risk. Shared hosting environments where multiple users share the same StreamPark instance are also particularly vulnerable, as a compromised user account could be leveraged to exploit the vulnerability.
• java / server:
ps aux | grep -i streampark• java / server:
find / -name "streampark.jar" 2>/dev/null• java / server:
journalctl -u streampark -f | grep -i "template injection"disclosure
Exploit Status
EPSS
6.65% (91% percentiel)
CVSS-vector
The recommended mitigation for CVE-2024-29178 is to immediately upgrade Apache StreamPark to version 2.1.4 or later. This version contains the necessary fixes to prevent template injection vulnerabilities. If upgrading is not immediately feasible, consider implementing stricter input validation and sanitization on user-supplied data to reduce the attack surface. While not a complete solution, this can provide a temporary layer of defense. After upgrading, verify the fix by attempting to inject a simple template payload through the login form and confirming that it is properly sanitized and does not result in code execution.
Actualice Apache StreamPark a la versión 2.1.4 o superior. Esta versión corrige la vulnerabilidad de inyección de plantilla FreeMarker que permite la ejecución remota de código. La actualización es esencial para proteger su servidor contra posibles ataques.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2024-29178 is a Remote Code Execution vulnerability in Apache StreamPark versions 2.1.0 and earlier, allowing attackers to execute code after logging in.
If you are using Apache StreamPark versions 2.1.0 or earlier, you are potentially affected by this vulnerability. Upgrade to 2.1.4 or later to mitigate the risk.
The recommended fix is to upgrade Apache StreamPark to version 2.1.4 or later. This version includes the necessary security patches to prevent template injection.
As of now, there are no confirmed reports of active exploitation of CVE-2024-29178, but the vulnerability's nature suggests potential for future exploitation.
Refer to the Apache StreamPark security advisories for the most up-to-date information and official guidance: https://streampark.apache.org/security/
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Upload je pom.xml-bestand en we vertellen je direct of je getroffen bent.