CVE-2024-39928 Vulnerability Details

  /     /     /  

CVE-2024-39928 Metadata Quick Info

CVE Published: 24/09/2024 | CVE Updated: 24/09/2024 | CVE Year: 2024
Source: apache | Vendor: Apache Software Foundation | Product: Apache Linkis Spark EngineConn
Status : PUBLISHED

CVE-2024-39928 Description

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang\'s RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-326
CWE Name: CWE-326 Inadequate Encryption Strength
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-39928 Vulnerability Details