CVE-2024-48988

HIGH

Apache Streampark < 2.1.6 - SQL Injection

Title source: rule

Description

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low.

References (2)

[Mailing List] https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s

[Mailing List] http://www.openwall.com/lists/oss-security/2025/08/22/1

Scores

CVSS v3 7.6

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Classification

CWE

CWE-564 CWE-89

Status published

Affected Products (1)

apache/streampark < 2.1.6

Timeline

Published Aug 22, 2025

Tracked Since Feb 18, 2026