First published: Fri Aug 02 2024(Updated: )
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.apache.inlong:tubemq-core | >=1.10.0<1.13.0 | 1.13.0 |
Apache InLong | >=1.10.0<1.13.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-36268 has the potential for Remote Code Execution, indicating a high severity level.
To remediate CVE-2024-36268, users should upgrade to Apache InLong version 1.13.0.
CVE-2024-36268 affects Apache InLong versions from 1.10.0 to 1.12.0.
CVE-2024-36268 is classified as an Improper Control of Generation of Code, commonly referred to as a Code Injection vulnerability.
Users can cherry-pick the relevant commits to potentially mitigate CVE-2024-36268 until an upgrade is performed.