Apache Linkis Random String Security Vulnerability
CVE-2024-39928

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Linkis Spark Engineconn
Vendor: CVE Published:; 25 September 2024

What is CVE-2024-39928?

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Affected Version(s)

Apache Linkis Spark EngineConn 1.3.0 < 1.6.0

References

https://lists.apache.org/thread/g664n13nb17rsogcfrn8kjgd8...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Jul 4, 2024

Credit

Hen

Pj fanning