PT-2024-6293 · Apache · Apache Inlong
X1R0Z
·
Published
2024-08-02
·
Updated
2024-09-09
·
CVE-2024-36268
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.10.0 through 1.12.0
Description
The issue affects Apache InLong due to improper control of code generation, which could lead to remote code execution. This allows a remote attacker to execute arbitrary code. Users are advised to take immediate action to mitigate the threat.
Recommendations
For Apache InLong versions 1.10.0 through 1.12.0, upgrade to Apache InLong's 1.13.0 or cherry-pick the provided patch to solve the issue.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Inlong