Lucene search
ApacheVULNRICHMENT:CVE-2024-36268HistoryAug 02, 2024 - 9:44 a.m.
CVE-2024-36268 Apache InLong TubeMQ Client: Remote Code Execution vulnerability
2024-08-0209:44:26
CWE-94
apache
github.com
2
apache inlong
tubemq client
remote code execution
code injection
generation of code
vulnerability
upgrade
cherry-pick
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong’s 1.13.0 or cherry-pick [1] to solve it.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_inlong:*:*:*:*:*:*:*:*"
],
"vendor": "apache_software_foundation",
"product": "apache_inlong",
"versions": [
{
"status": "affected",
"version": "1.10.0",
"versionType": "semver",
"lessThanOrEqual": "1.12.0"
}
],
"defaultStatus": "unknown"
}
]Related
osv
osv
Apache Inlong Code Injection vulnerability
2024-08-02 12:31:43
cve
cve
CVE-2024-36268
2024-08-02 10:16:00
veracode
veracode
Code Injection
2024-08-05 08:24:26
github
github
Apache Inlong Code Injection vulnerability
2024-08-02 12:31:43
cvelist
cvelist
nvd
nvd
CVE-2024-36268
2024-08-02 10:16:00
EPSS
0.01
Percentile
83.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-36268