High severity · NVD Advisory · Published Sep 24, 2024 · Updated Sep 24, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
CVE-2024-39928
Description
In Apache Linkis <= 1.5.0, Spark EngineConn has a random string security vulnerability: the random string used as the token when starting Py4j is generated with Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.
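The class of weakness described above, as an added example that is not code from Linkis or from its fix commit: a token drawn from a non-cryptographic generator beside one drawn from `SecureRandom`. Here `java.util.Random` stands in for the non-cryptographic source behind `RandomStringUtils`; the class name, alphabet, seed and 32-character length are assumptions.

```java
import java.security.SecureRandom;
import java.util.Random;

// Added illustration; names and the token length are hypothetical.
public class Py4jTokenExample {
    private static final char[] ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();

    // Weak pattern: java.util.Random is a 48-bit linear congruential
    // generator, so its output is a deterministic function of its seed.
    static String weakToken(Random rng, int length) {
        return fromSource(rng, length);
    }

    // Hardened pattern: SecureRandom draws from the platform CSPRNG.
    static String secureToken(int length) {
        return fromSource(new SecureRandom(), length);
    }

    // nextInt(bound) is uniform over [0, bound), so no modulo bias.
    // SecureRandom extends Random, so both sources share this helper.
    private static String fromSource(Random rng, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET[rng.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed
        String a = weakToken(new Random(seed), 32);
        String b = weakToken(new Random(seed), 32);
        // Same seed reproduces the same "secret": the token carries no more
        // entropy than the generator's internal state.
        System.out.println("weak tokens equal for same seed: " + a.equals(b));

        String c = secureToken(32);
        String d = secureToken(32);
        System.out.println("secure tokens equal: " + c.equals(d));
    }
}
```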
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.linkis:linkis-engineplugin-spark (Maven) | < 1.6.0 | 1.6.0 |
Affected products
- Apache Software Foundation/Apache Linkis Spark EngineConn · v5 · Range: 1.3.0
References
- github.com/advisories/GHSA-6gch-63wp-4v5f (ghsa, ADVISORY)
- lists.apache.org/thread/g664n13nb17rsogcfrn8kjgd8m89p8nw (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2024-39928 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2024/09/24/2 (ghsa, WEB)
- github.com/apache/linkis/commit/82c2f4b201b746e9206bb58ef98f536fc333aa07 (ghsa, WEB)