CVE-2024-48988SQL Injection: Hibernate in Software Foundation Apache Streampark

CWE-564SQL Injection: HibernateCWE-89SQL Injection3 documents3 sources
Severity
7.6HIGHNVD
EPSS
0.1%
top 84.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache StreamparkApache Streampark
Timeline
PublishedAug 22

Description

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the ass

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages2 packages

NVDapache/streampark2.1.42.1.6

🔴Vulnerability Details

2
CVEList
Apache StreamPark: SQL injection vulnerability2025-08-22
GHSA
GHSA-6wpf-q5x2-66fc: SQL Injection vulnerability in Apache StreamPark2025-08-22
CVE-2024-48988 — SQL Injection: Hibernate | cvebase