Page 13 of 200 results (0.008 seconds)

CVSS: 7.6EPSS: 1%CPEs: 1EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/10251 • https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: -EPSS: 0%CPEs: 1EXPL: 0

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue. • https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue. • https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6 • CWE-269: Improper Privilege Management •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. • https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw http://www.openwall.com/lists/oss-security/2024/07/30/1 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 • CWE-20: Improper Input Validation CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •