CVE-2023-30867: 
Java vulnerability analysis and mitigation

CVE-2023-30867 is a SQL injection vulnerability in the Apache StreamPark platform that affects versions from 2.0.0 up to (excluding) 2.1.2. The vulnerability was discovered and disclosed on December 15, 2023. The issue exists in the platform's name-based fuzzy search functionality, which is used for searching job names, role names, and other features when users are logged into the system (NVD).

The vulnerability stems from improper handling of user input in SQL queries, specifically in the query pattern 'select * from table where jobName like '%jobName%''. The jobName field can accept illegal parameters, leading to SQL injection possibilities. The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. It is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command (NVD).

The exploitation of this vulnerability could potentially result in information leakage through SQL injection attacks. The CVSS score indicates that while the vulnerability requires high privileges to exploit, it can lead to high confidentiality impact (NVD).

Users are recommended to upgrade to Apache StreamPark version 2.1.2 or later, which contains the fix for this vulnerability (NVD).