CVE-2024-36268

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-94
View all →

Vulnerability Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251

Related Vulnerabilities

CVE-2021-38448

HIGH
CVSS:7.6(High)

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

CWE-942021

CVE-2022-3721

HIGH
CVSS:7.6(High)

Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.

CWE-942022

CVE-2024-21689

HIGH
CVSS:7.6(High)

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote C...

CWE-942024

CVE-2024-27705

HIGH
CVSS:7.6(High)

Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.

CWE-942024

CVE-2024-29399

HIGH
CVSS:7.6(High)

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.

CWE-942024