VULNRICHMENT:CVE-2024-39928

History: Sep 24, 2024 - 7:27 a.m.

CVE-2024-39928 Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability

2024-09-24 07:27:55
CWE-326
apache
github.com
apache linkis
spark engineconn
randomstringutils
security vulnerability
commons lang
token
py4j
upgrade
version 1.6.0
cve-2024-39928

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

In Apache Linkis <= 1.5.0, a random-string security vulnerability exists in Spark EngineConn: the random token string generated when starting Py4j is produced with Commons Lang's RandomStringUtils.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.
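The weakness class named above (CWE-326, inadequate encryption strength) comes from the fact that the no-argument overloads of Commons Lang's RandomStringUtils draw from a shared java.util.Random, a non-cryptographic PRNG with a small state, which is unsuitable for an authentication token. The following is an added example, not code from Apache Linkis or from the Commons Lang project: it places that weak pattern beside a hardened form that feeds the library's Random-accepting overload with a SecureRandom, plus a variant that needs no third-party library at all. The class name, method names and token length are assumptions chosen for illustration; commons-lang3 on the classpath is assumed for the first two methods.

```java
import java.security.SecureRandom;
import java.util.Random;
import org.apache.commons.lang3.RandomStringUtils;

// Hypothetical class name; illustrates the token-generation pattern only.
public class Py4jTokenExample {

    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    // Weak pattern: the overloads that take no Random draw from a shared
    // java.util.Random (a 48-bit linear congruential generator). An observer
    // who sees a few outputs can recover the state and predict later tokens,
    // so this must not be used for secrets such as a Py4j auth token.
    static String weakToken(int length) {
        return RandomStringUtils.randomAlphanumeric(length);
    }

    // Hardened form: RandomStringUtils.random(count, start, end, letters,
    // numbers, chars, random) lets the caller supply the entropy source.
    // With start = end = 0 and chars = null the library falls back to its
    // default printable range, filtered to letters and digits here.
    static String secureToken(int length) {
        Random csprng = new SecureRandom();
        return RandomStringUtils.random(length, 0, 0, true, true, null, csprng);
    }

    // Hardened form without Commons Lang: index a fixed alphabet with
    // SecureRandom.nextInt, which is uniform over the alphabet size.
    static String secureTokenPlain(int length) {
        SecureRandom csprng = new SecureRandom();
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(csprng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Sanity check used below: every character must come from the alphabet.
    static boolean isAlphanumeric(String token) {
        for (int i = 0; i < token.length(); i++) {
            if (ALPHABET.indexOf(token.charAt(i)) < 0) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // 32 alphanumeric characters give roughly 190 bits of entropy when the
        // source is a CSPRNG; the weak variant has at most 48 bits regardless
        // of how long the string is.
        String weak = weakToken(32);
        String strong = secureToken(32);
        String plain = secureTokenPlain(32);
        System.out.println("weak   (java.util.Random): " + weak);
        System.out.println("secure (SecureRandom)    : " + strong);
        System.out.println("plain  (SecureRandom)    : " + plain);
        System.out.println("all alphanumeric: "
            + (isAlphanumeric(weak) && isAlphanumeric(strong) && isAlphanumeric(plain)));
    }
}
```

When reviewing a code base for this pattern, grep for RandomStringUtils calls that pass no Random argument and for java.util.Random or Math.random in any path that produces a token, session id, password or key; the fix is always the same, route the generator through SecureRandom (or the library's secure entry point, where its version provides one).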

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache_software_foundation:apache_linkis_spark_engineconn:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apache_software_foundation",
    "product": "apache_linkis_spark_engineconn",
    "versions": [
      {
        "status": "affected",
        "version": "13.0",
        "lessThan": "1.6.0",
        "versionType": "maven"
      }
    ],
    "defaultStatus": "unknown"
  }
]