Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS02Z2NoLTYzd3AtNHY1Zs4AA_wz

High CVSS: 8.7 EPSS: 0.00116% (0.31011 Percentile) EPSS:
Permalink JSON

Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability

Affected Packages Affected Versions Fixed Versions
maven:org.apache.linkis:linkis-engineplugin-spark < 1.6.0 1.6.0
0 Dependent packages
1 Dependent repositories

Affected Version Ranges

All affected versions

1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0

All unaffected versions

1.6.0, 1.7.0, 1.8.0

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.

References:

Identifiers

GHSA-6gch-63wp-4v5f

CVE-2024-39928

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00116

EPSS Percentile: 0.31011

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/linkis
View on Ecosyste.ms

Date and time

Published

over 1 year ago

Updated

2 months ago

API

JSON