CVE-2024-36268
Aug. 2, 2024, 12:59 p.m.
Tags
Product(s) Impacted
Apache InLong
- 1.10.0 - 1.12.0
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251
Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE ID: 94Date
Published: Aug. 2, 2024, 10:16 a.m.
Last Modified: Aug. 2, 2024, 12:59 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@apache.org