This vulnerability (CVE-2024-30494) in OSS Aliyun is classified as CWE-89, indicating improper neutralization of special elements in SQL commands, commonly known as SQL Injection. It affects OSS Aliyun versions through 1.4.10. The CVSS 3.1 base score is 7.6 (high), with an attack vector of network, low attack complexity, requiring high privileges, no user interaction, and a scope change. The impact affects confidentiality (high) and availability (low), but not integrity. No patch or official remediation level has been published, and the product is not a cloud service, so remediation is the responsibility of the user/vendor.

Successful exploitation could allow an attacker with high privileges to execute crafted SQL commands that may lead to significant confidentiality breaches and partial availability disruption. Integrity impact is not indicated. Since no known exploits are reported, the immediate risk may be limited, but the vulnerability remains critical due to the high confidentiality impact and network attack vector.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is currently documented, users should monitor vendor communications for updates. In the meantime, restricting high-privilege access and reviewing input validation related to SQL commands may reduce risk.