Apache Traffic Control SQL Injection Vulnerability Patched
🔧 Apache Software Foundation addresses critical SQL injection vulnerability in Traffic Control.

The Apache Software Foundation has released security updates to fix a severe SQL injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control versions 8.0.0 to 8.0.1. Rated 9.9 on the CVSS scale, the flaw allows privileged users to execute arbitrary SQL commands by sending specially crafted PUT requests. The vulnerability was discovered by Tencent YunDing Security Lab researcher Yuan Luo and has been patched in version 8.0.2.

Additionally, the ASF has resolved an authentication bypass flaw in Apache HugeGraph-Server and released a patch for a significant vulnerability in Apache Tomcat that could lead to remote code execution. Users are urged to update to the latest software versions to mitigate potential risks.
