Apache StreamPark (incubating): Upload any file to any directory
Severity: low Versions Affected: Apache StreamPark 1.0.0 before 2.0.0 Description: Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some risky files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later Mitigation: Users of the affected versions should apply one of the following - Upgrade to Apache StreamPark 2.0.0 or later References: https://streampark.incubator.apache.orghttps://www.cve.org/CVERecord?id=CVE-2022-45802 Best, Huajie Wang
