I learned about this via this link: https://www.linkedin.com/posts/cybersecurity-news_cybersecuritynews-activity-7435324625724796929-KLGg
I then opened a support case and below is the reply in case anyone is interested:
Based on the current assessment, this vulnerability has been confirmed to affect the 2024.2 version as well. Our engineering team is actively working on a fix, and at this time, no workaround is available.
Planned Fix Availability
The issue is scheduled to be resolved in the following upcoming releases:
For bundled MongoDB (Alteryx Server-managed):
- 24.2 Patch 11 – Expected in the second or third week of May
- 25.2 Patch 3 – Expected in late March
- 24.1 Patch 14 – Expected end of April
- 25.1 Patch 6 – Expected in the first or second week of May
For User‑Managed MongoDB Deployments:
The vulnerability will be addressed in the following MongoDB versions:
7.0.29 for Alteryx 24.2
7.0.29 for Alteryx 25.1
8.0.18 for Alteryx 25.2
8.0.18 for Alteryx 26.1
