PT-2024-5250 · Apache · Apache Streampark

L0Ne1Y

·

Published

2024-07-17

·

Updated

2024-08-01

·

CVE-2024-29737

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions prior to 2.1.4
Description: The issue stems from incorrect handling of the backtick (`) character in the Project Module of Apache StreamPark, allowing remote attackers to execute arbitrary commands. The vulnerability can be exploited if an attacker has system-level permissions and is logged in to the StreamPark system. The risk level of this vulnerability is considered low, as it typically requires authorization to log in to the system and users would not manually input dangerous operation commands.
Recommendations: For versions prior to 2.1.4, upgrade to version 2.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the Project module or limiting the use of the backtick (`) character in build arguments to minimize the risk of exploitation.
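As an added example (not StreamPark's own code; the allowlist pattern and the argument shapes are assumptions), a build-argument validator in the spirit of the workaround above. It shows why a restriction on the backtick alone should also cover the other substitution and chaining metacharacters, and why validated arguments should reach the build tool as an argv list rather than a shell string:

```python
import re
import shlex
from typing import List

# Characters that trigger command substitution or chaining once a string is
# handed to a shell ("sh -c ..."). The advisory names only the backtick; the
# rest are included because a backtick-only blocklist still leaves $(...) and
# ';' open.
SHELL_METACHARACTERS = set("`$;|&<>(){}\n")

# Hypothetical allowlist: what a Maven/Gradle style build argument is allowed
# to look like, e.g. "-DskipTests", "-Pprod", "--offline", "-Dkey=value".
BUILD_ARG_PATTERN = re.compile(r"^-{1,2}[A-Za-z0-9_.=:,/+-]+$")


def find_metacharacters(arg: str) -> List[str]:
    """Return the shell metacharacters present in a single argument, sorted."""
    return sorted(c for c in set(arg) if c in SHELL_METACHARACTERS)


def validate_build_args(raw: str) -> List[str]:
    """Split a user-supplied build-argument string into tokens and reject
    anything that contains a shell metacharacter or falls outside the
    allowlist. Raises ValueError naming the offending token."""
    try:
        tokens = shlex.split(raw)
    except ValueError as exc:
        raise ValueError(f"unparseable build arguments: {exc}") from exc
    for tok in tokens:
        bad = find_metacharacters(tok)
        if bad:
            raise ValueError(f"shell metacharacter(s) {bad} in {tok!r}")
        if not BUILD_ARG_PATTERN.match(tok):
            raise ValueError(f"argument not in allowlist: {tok!r}")
    return tokens


def build_command(raw: str, tool: str = "mvn") -> List[str]:
    """Return the argv list to hand to subprocess.run(..., shell=False).
    With an argv list and no shell, even a character that slipped past
    validation is a literal byte in one argument, not command substitution;
    validation is the first layer, argv-without-shell the second."""
    return [tool, "clean", "package", *validate_build_args(raw)]
```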

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-05862
CVE-2024-29737
GHSA-5V69-92VW-FMJH

Affected Products

Apache Streampark