CVE-2024-36268

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/10251
References
Link Resource
https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

History

27 Aug 2024, 17:19

Type Values Removed Values Added
CPE cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*
First Time Apache inlong
Apache
References () https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc - () https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc - Mailing List, Vendor Advisory
CVSS v2 : unknown
v3 : 7.6
v2 : unknown
v3 : 9.8

22 Aug 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.6

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de control inadecuado de la generación de código ('inyección de código') en Apache InLong. Este problema afecta a Apache InLong: desde la versión 1.10.0 hasta la 1.12.0, lo que podría provocar la ejecución remota de código. Se recomienda a los usuarios que actualicen a la versión 1.13.0 de Apache InLong o seleccionen la que más les convenga [1] para resolverlo. [1] https://github.com/apache/inlong/pull/10251

02 Aug 2024, 10:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 10:16

Updated : 2024-08-27 17:19


NVD link : CVE-2024-36268

Mitre link : CVE-2024-36268

CVE.ORG link : CVE-2024-36268


JSON object : View

Products Affected

apache

  • inlong
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')