CVE-2024-39928

CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability

Vendor: Apache Software Foundation
Product: Apache Linkis Spark EngineConn
Weakness: CWE-326 · Weak encryption
Published: September 24, 2024
Last update: September 24, 2024

What the vulnerability does

Description

In Apache Linkis <= 1.5.0, Spark EngineConn has a random string security vulnerability: the random string used as the Token when starting Py4j is generated with Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.
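
The following is an added example, not code from Apache Linkis or from this record, contrasting a token drawn from a general-purpose generator with one drawn from a CSPRNG. It assumes the weakness is the use of a non-cryptographic generator, with `java.util.Random` as a stand-in; the class and method names are hypothetical, and the record does not say how 1.6.0 implements its fix.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class Py4jTokenExample {
    private static final String ALPHANUM =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak pattern (stand-in, assumption): alphanumeric token drawn from
    // java.util.Random, whose entire output is fixed by its 48-bit internal state.
    static String weakToken(Random rng, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHANUM.charAt(rng.nextInt(ALPHANUM.length())));
        }
        return sb.toString();
    }

    // Hardened pattern: 256 bits from the platform CSPRNG, URL-safe encoded.
    static String strongToken() {
        byte[] raw = new byte[32];
        SECURE.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Compare a presented token with the expected one without an early exit
    // on the first differing byte.
    static boolean tokenMatches(String expected, String presented) {
        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8),
            presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample value
        String a = weakToken(new Random(seed), 32);
        String b = weakToken(new Random(seed), 32);
        System.out.println("weak tokens repeat for equal generator state: " + a.equals(b));

        String t1 = strongToken();
        String t2 = strongToken();
        System.out.println("strong tokens differ: " + !t1.equals(t2));
        System.out.println("token accepted when equal: " + tokenMatches(t1, t1));
    }
}
```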

Key dates

Disclosure timeline

September 24, 2024: CVE published
September 24, 2024: Record updated