Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now


The Apache Software Foundation (ASF) has addressed a critical SQL injection vulnerability in Traffic Control, tracked as CVE-2024-45387 with a CVSS score of 9.9. The flaw affects versions 8.0.0 to 8.0.1 and allows privileged users with specific roles (e.g., 'admin' or 'operations') to execute arbitrary SQL commands via a crafted PUT request. The issue has been fixed in version 8.0.2.

Additionally, the ASF patched an authentication bypass flaw in Apache HugeGraph-Server (CVE-2024-43441) and an important vulnerability in Apache Tomcat (CVE-2024-56337) that could lead to remote code execution (RCE). Users are urged to upgrade to the latest versions to mitigate these security risks.
