diff --git a/CVE-2024-24897.patch b/CVE-2024-24897.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bba27ac59ba3c0803deb2cbeb958126400231314
--- /dev/null
+++ b/CVE-2024-24897.patch
@@ -0,0 +1,28 @@
+From c59e9b4dd509a456fb1fedb50cc7ff9ef7ad55f9 Mon Sep 17 00:00:00 2001
+From: zhoupengcheng
+Date: Mon, 11 Mar 2024 19:05:07 +0800
+Subject: [PATCH] preventing possible Shell command injection
+
+---
+ atune_collector/plugin/monitor/process/sched.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/atune_collector/plugin/monitor/process/sched.py b/atune_collector/plugin/monitor/process/sched.py
+index 0fadeba..82e6d9f 100644
+--- a/atune_collector/plugin/monitor/process/sched.py
++++ b/atune_collector/plugin/monitor/process/sched.py
+@@ -68,8 +68,9 @@ class ProcSched(Monitor):
+ raise err
+
+ for app in self.__applications:
+- pid = subprocess.getoutput(
+- "ps -A | grep {} | awk '{{print $1}}'".format(app)).split()
++ pid = subprocess.getoutput("ps -A")
++ app_processes = [line for line in pid.split('\n') if app in line]
++ pid = [line.split()[0] for line in app_processes]
+ app_pid_flag = True if pid else False
+ proc_flag.append(app_pid_flag)
+ if pid:
+--
+2.33.0
+
diff --git a/atune-collector.spec b/atune-collector.spec
index 3e1fe0d492592250f02a1bd7b86cbb2f4db28c9c..ae977dcdeaa6e93d629c7823fd9ceddf66af847e 100644
--- a/atune-collector.spec
+++ b/atune-collector.spec
@@ -2,7 +2,7 @@
 Name: atune-collector
 Version: 1.3.0
-Release: 1
+Release: 2
 Summary: A-Tune-Collector is used to collect various system resources.
 License: Mulan PSL v2
 URL: https://gitee.com/openeuler/A-Tune-Collector
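Review bot: The rewritten lines in sched.py stop `app` from reaching a shell, but `subprocess.getoutput("ps -A")` still spawns one for a constant command, and `if app in line` is a substring test over the entire `ps -A` row (PID, TTY and TIME columns included), so a short or numeric application name can match unrelated processes and an empty `app` matches every row, header included. Running ps without a shell is a one-line change, `pid = subprocess.run(["ps", "-A"], capture_output=True, text=True).stdout`, though note `getoutput` also folds stderr into its result, so check nothing downstream relies on that. Restricting the match to the command column would change which processes are counted and is probably out of scope for a CVE backport, but is worth a follow-up. The enclosing method of ProcSched starts and ends outside the nested hunk, and `pid` is first bound to the raw text and then rebound to a list, which a name like `ps_output` for the first binding would make clearer.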
@@ -11,6 +11,8 @@ Source: https://gitee.com/openeuler/A-Tune-Collector/repository/archive/v%{versi
 BuildRequires: python3-setuptools
 Requires: python3-dict2xml python3-werkzeug
+Patch9000: CVE-2024-24897.patch
+
 %description
 The A-Tune-Collector is used to collect various system resources and can also be used as the collector of the A-Tune project.
@@ -32,6 +34,9 @@ The A-Tune-Collector is used to collect various system resources and can also be
 %attr(0600,root,root) %{_sysconfdir}/atune_collector/*
 %changelog
+* Tue Mar 12 2024 zhoupengcheng - 1.3.0-2
+- fix CVE-2024-24897
+
 * Sat Jan 27 2024 zhoupengcheng - 1.3.0-1
 - update v1.3.0
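Review bot: `Patch9000: CVE-2024-24897.patch` only declares the patch; whether it is actually applied depends on the `%prep` section, which this hunk does not show. If `%prep` uses a plain `%setup` rather than `%autosetup -p1` (or an explicit `%patch9000 -p1`), the 1.3.0-2 build succeeds and ships without the fix while the changelog claims it. Please confirm `%prep` applies it, for example by checking the build log lists `CVE-2024-24897.patch` as applied; a hunk mismatch against v1.3.0 would fail loudly, but a missing `%patch` invocation would not.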