Vulnerability DatabaseCVE-2024-48988
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-48988
August 22, 2025
SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low.
Affected Packages
https://github.com/apache/streampark.git (GITHUB):
Affected version(s) >=v2.1.4 <v2.1.6
Fix Suggestion:
Update to version v2.1.6
Related ResourcesĀ (2)
https://lists.apache.org/thread/26ng8388l93zwjrst560cbjz9x7wpq1s
http://www.openwall.com/lists/oss-security/2025/08/22/1
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
SQL Injection: Hibernate
CWE-564
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89
EPSS
Base Score:
0.04