Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2024-36268
HistoryAug 02, 2024 - 9:44 a.m.

CVE-2024-36268 Apache InLong TubeMQ Client: Remote Code Execution vulnerability

2024-08-0209:44:26
CWE-94
apache
www.cve.org
17
cve-2024-36268
apache inlong
remote code execution
code injection
upgrade
apache inlong 1.13.0

EPSS

0.01

Percentile

83.6%

JSON

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache InLong.

This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong’s 1.13.0 or cherry-pick [1] to solve it.

[1]  https://github.com/apache/inlong/pull/10251

CNA Affected

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.inlong:tubemq-client",
    "product": "Apache InLong TubeMQ Client",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.12.0",
        "status": "affected",
        "version": "1.10.0",
        "versionType": "semver"
      }
    ]
  }
]

Related

osv 1
cve 1
veracode 1
vulnrichment 1
github 1
nvd 1
osv
osv
Apache Inlong Code Injection vulnerability
2024-08-02 12:31:43
cve
cve
CVE-2024-36268
2024-08-02 10:16:00
veracode
veracode
Code Injection
2024-08-05 08:24:26
vulnrichment
vulnrichment
CVE-2024-36268 Apache InLong TubeMQ Client: Remote Code Execution vulnerability
2024-08-02 09:44:26
github
github
Apache Inlong Code Injection vulnerability
2024-08-02 12:31:43
nvd
nvd
CVE-2024-36268
2024-08-02 10:16:00

EPSS

0.01

Percentile

83.6%

JSON
Related for CVELIST:CVE-2024-36268
osv1cve1veracode1vulnrichment1github1nvd1