Overview
Apache has released an update to address a vulnerability in StreamPipes. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-29868
- Apache StreamPipes versions: 0.69.0 (inclusive) ~ 0.93.0 (inclusive)
Resolved Vulnerabilities
Cryptographically vulnerable pseudorandom number generator (PRNG) vulnerability in user self-registration and password recovery mechanisms (CVE-2024-29868)
Vulnerability Patches
Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-29868
- Apache StreamPipes version: 0.95.0
Referenced Sites
[1] CVE-2024-29868 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-29868
[2] CVE-2024-29868: Apache StreamPipes, Apace StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
https://lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7
Article Link: Apache StreamPipes Security Update Advisory – ASEC