Apache InLong Vulnerability Could Lead to Remote Code Execution

CVE-2024-36268
9.8CRITICAL

Key Information

Vendor
Apache
Status
Inlong
Vendor
CVE Published:
2 August 2024

Badges

📰 News Worthy

Summary

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/10251

News Articles

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • First article discovered by The Cyber Express

  • Vulnerability published.

Collectors

NVD Database1 News Article(s)
.