CVE-2022-45802

Name of the Vulnerable Software and Affected Versions Apache StreamPark versions prior to 2.0.0

Description The issue allows any user to upload a jar as an application without mandatory verification of the uploaded file type. This enables users to upload high-risk files and potentially upload them to any directory.

Recommendations For versions prior to 2.0.0, upgrade to Apache StreamPark 2.0.0 or later. As a temporary workaround, consider restricting the upload functionality to prevent users from uploading high-risk files until the issue is resolved.