VYPR
High severity · NVD Advisory · Published Sep 24, 2024 · Updated Sep 24, 2024

Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability

CVE-2024-39928

Description

Apache Linkis <= 1.5.0 has a random-string security vulnerability in Spark EngineConn: the random string used as the token when starting Py4j is generated with Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.apache.linkis:linkis-engineplugin-spark (Maven)
Affected versions: < 1.6.0
Patched versions: 1.6.0
