Apache StreamPipes Security Update Advisory

Overview

 

Apache has released an update to address a vulnerability in StreamPipes. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-29868

  • Apache StreamPipes versions: 0.69.0 (inclusive) ~ 0.93.0 (inclusive)

 

Resolved Vulnerabilities

 

Cryptographically vulnerable pseudorandom number generator (PRNG) vulnerability in user self-registration and password recovery mechanisms (CVE-2024-29868)

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-29868

  • Apache StreamPipes version: 0.95.0

 

 

Referenced Sites

[1] CVE-2024-29868 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-29868

[2] CVE-2024-29868: Apache StreamPipes, Apace StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

https://lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7

Article Link: Apache StreamPipes Security Update Advisory – ASEC