Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS - Patch Now
Briefly

The Apache Software Foundation has addressed a critical SQL injection vulnerability in Traffic Control, rated 9.9/10 on the CVSS scale, that allows privileged users to execute arbitrary SQL commands.
In Apache Traffic Control versions <= 8.0.1, a privileged user can exploit the flaw by sending a specially crafted PUT request, potentially compromising the database.
The vulnerability was discovered by Yuan Luo of Tencent YunDing Security Lab and has been patched in version 8.0.2 of Apache Traffic Control, which underlines the importance of updating software.
The ASF has also resolved other vulnerabilities, including an authentication bypass in Apache HugeGraph-Server and an important vulnerability in Apache Tomcat that could lead to remote code execution.
Read at The Hacker News