Apache StreamPark Weak Encryption Vulnerability

Vulnerability

A vulnerability exists in Apache StreamPark versions from 2.0.0 before 2.1.7. It stems from the use of the AES cipher in ECB mode and a weak random number generator to encrypt sensitive data, including JWT tokens. This may have exposed sensitive authentication data.

Impact

The vulnerability could lead to the exposure of sensitive authentication data by allowing encrypted information to be decrypted or manipulated, undermining the integrity and confidentiality of the data.
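
The weakness class described above, shown as an added Java example (not StreamPark's code and not its actual fix): AES in ECB mode maps equal plaintext blocks to equal ciphertext blocks and carries no integrity check, while AES-GCM with a key and nonce drawn from SecureRandom hides the repetition and rejects modified ciphertext. The class name, helper names and sample plaintext are constructed for illustration, and AES-GCM is assumed here only as a common authenticated alternative.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class EcbVersusGcm {
    // Constructed sample: two identical 16-byte blocks standing in for repetitive token data.
    static final byte[] SAMPLE = "user=admin;r=001user=admin;r=001".getBytes(StandardCharsets.US_ASCII);

    // Weak form: ECB is deterministic per block and unauthenticated.
    static byte[] ecb(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    // Hardened form: AES-GCM with a 128-bit tag; the 12-byte nonce must be unique per key.
    static byte[] gcm(SecretKey key, byte[] nonce, byte[] data, int mode) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(data);
    }

    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom(); // CSPRNG for key and nonce material
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, rng);
        SecretKey key = kg.generateKey();

        System.out.println("ECB repeats ciphertext blocks: " + firstTwoBlocksEqual(ecb(key, SAMPLE)));

        byte[] nonce = new byte[12];
        rng.nextBytes(nonce);
        byte[] g = gcm(key, nonce, SAMPLE, Cipher.ENCRYPT_MODE);
        System.out.println("GCM repeats ciphertext blocks: " + firstTwoBlocksEqual(g));

        g[0] ^= 0x01; // simulate a modification in storage or transit
        try {
            gcm(key, nonce, g, Cipher.DECRYPT_MODE);
            System.out.println("GCM accepted modified ciphertext");
        } catch (AEADBadTagException ex) {
            System.out.println("GCM rejected modified ciphertext");
        }
    }
}
```

When reviewing a code base for the same class of issue, look for `Cipher.getInstance` calls that name `ECB` or give only `"AES"`, which common JCE providers resolve to ECB, and for keys or tokens derived from a non-cryptographic random source.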

Remediation

Users are advised to upgrade to Apache StreamPark version 2.1.7, which addresses this vulnerability.

Added: Dec 12, 2025, 3:17 PM
Updated: Dec 12, 2025, 8:31 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.