Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.linkis/linkis-engineplugin-spark@1.6.0

Type maven

Namespace org.apache.linkis

Name linkis-engineplugin-spark

Version 1.6.0

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-gbxh-e1zf-cqcd

vulnerability_id VCID-gbxh-e1zf-cqcd

summary

Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39928

reference_id

reference_type

scores

value	0.00157
scoring_system	epss
scoring_elements	0.3635
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39928

reference_url

https://github.com/apache/linkis

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/linkis

reference_url

https://github.com/apache/linkis/commit/82c2f4b201b746e9206bb58ef98f536fc333aa07

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/linkis/commit/82c2f4b201b746e9206bb58ef98f536fc333aa07

reference_url

https://lists.apache.org/thread/g664n13nb17rsogcfrn8kjgd8m89p8nw

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-24T13:26:16Z/

url

https://lists.apache.org/thread/g664n13nb17rsogcfrn8kjgd8m89p8nw

reference_url

http://www.openwall.com/lists/oss-security/2024/09/24/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/09/24/2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-39928

reference_id

CVE-2024-39928

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-39928

reference_url

https://github.com/advisories/GHSA-6gch-63wp-4v5f

reference_id

GHSA-6gch-63wp-4v5f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6gch-63wp-4v5f

fixed_packages

url	pkg:maven/org.apache.linkis/linkis-engineplugin-spark@1.6.0
purl	pkg:maven/org.apache.linkis/linkis-engineplugin-spark@1.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis-engineplugin-spark@1.6.0

aliases CVE-2024-39928, GHSA-6gch-63wp-4v5f

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gbxh-e1zf-cqcd

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis-engineplugin-spark@1.6.0

Package Instance