{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:55:17.004","vulnerabilities":[{"cve":{"id":"CVE-2024-39928","sourceIdentifier":"security@apache.org","published":"2024-09-25T01:15:40.693","lastModified":"2025-05-16T20:27:25.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils.\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue."},{"lang":"es","value":"En Apache Linkis <= 1.5.0, existe una vulnerabilidad de seguridad de cadenas aleatorias en Spark EngineConn. La cadena aleatoria generada por el token al iniciar Py4j utiliza RandomStringUtils de Commons Lang. Se recomienda a los usuarios actualizar a la versión 1.6.0, que soluciona este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.6.0","matchCriteriaId":"B58052DA-860C-4D7E-A523-E15306D5B6AF"}]}]}],"references":[{"url":"https://lists.apache.org/thread/g664n13nb17rsogcfrn8kjgd8m89p8nw","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/09/24/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}