This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/10251

Affected Packages

Maven org.apache.inlong:tubemq-core

Affected versions: 1.10.0 (fixed in 1.13.0)

Related CVEs

CVE-2024-36268

Key Information

GHSA ID

GHSA-qff2-8qw7-hcvw

Published

August 2, 2024 12:31 PM

Last Modified

August 22, 2024 9:41 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.inlong:tubemq-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 13, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.