CVE-2024-24683— Apache Hop Engine: ID isn't escaped when generating HTML

Apache Hop Engine: ID isn't escaped when generating HTML

Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client.

N/A

输入验证不恰当

Apache Hop Engine 安全漏洞

Apache Hop Engine是美国阿帕奇（Apache）基金会的一个开源的数据集成、数据处理和工作流管理平台。 Apache Hop Engine 2.8.0 之前版本存在安全漏洞，该漏洞源于当 Hop Server 将链接写入 PrepareExecutionPipelineServlet 页面时，提供给用户的参数未正确转义。

N/A

N/A