CVE-2024-36268
published 2024-08-02CVE-2024-36268: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/10251
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | inlong | >= 1.10.0 < 1.13.0 | 1.13.0 |
| apache_software_foundation | apache_inlong_tubemq_client | 1.10.0 – 1.12.0 | — |