
The Apache InLong project has issued a security advisory regarding a critical code injection vulnerability discovered in its TubeMQ component that could allow remote attackers to execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2024-36268 with a CVSS score of 9.8, resides in the TubeMQ Client, a crucial part of the InLong framework that facilitates communication with the TubeMQ message queue system. By exploiting this flaw, attackers could potentially gain control of the entire InLong infrastructure, compromising the integrity and confidentiality of sensitive data being processed.
The InLong team has released version 1.13.0 to address this critical vulnerability. Users are strongly advised to update their installations to this latest version as soon as possible. For those unable to immediately upgrade, the project has also provided a patch that can be applied directly to the source code.
Organizations relying on InLong are urged to prioritize patching efforts to mitigate the risk of remote code execution attacks and protect their critical data.


