CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability

Heping Wang Mon, 23 Sep 2024 18:37:09 -0700

Severity: moderate

Affected versions:


- Apache Linkis Spark EngineConn 1.3.0 before 1.6.0

Description:

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark 
EngineConn, random string generated by the Token when starting Py4j uses the 
Commons Lang's RandomStringUtils.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Credit:

Hen (reporter)
Pj fanning  (reporter)

References:

https://linkis.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-39928


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@linkis.apache.org
For additional commands, e-mail: dev-h...@linkis.apache.org

CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability

Reply via email to