Foresiet, your trusted cybersecurity advisor, brings attention to the recent addition of a security flaw impacting Apache Flink to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Tracked as CVE-2020-17519, this vulnerability poses a significant risk due to its potential for active exploitation. Understanding the Vulnerability.

Using open-source code exposes organizations to a tremendous amount of risk, yet this point is treated like a dirty little secret that nobody talks about. So, let’s live on the edge and take a minute to talk about the problem. Open-source code is an oddity. Generally, open-source code is often placed in small packets tucked inside massive programs that corporations use to run their most important processes or it is adopted as a whole program and tasked with running some part of a business.

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.