CVE-2025-30001

HIGH7.3EPSS 0.27%

Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability

發布日:2025/10/10修改日:2025/11/5

描述

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. Version 2.1.6 has yet to be published in the Maven registry.

受影響套件(1)

Maven/org.apache.streampark:streamparkfrom 0, <= 2.1.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-30001
PATCHhttps://github.com/apache/streampark
WEBhttps://lists.apache.org/thread/xfmsvhkcnr1831n0w5ovy3p44lsmfb7m
WEBhttp://www.openwall.com/lists/oss-security/2025/09/04/1