CVE-2023-31058

Name of the Vulnerable Software and Affected Versions Apache InLong versions 1.4.0 through 1.6.0

Description The issue is related to the deserialization of untrusted data, which allows attackers to bypass the autoDeserialize option filtering by adding blanks. This can potentially lead to the execution of arbitrary code.

Recommendations To solve the issue, users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674.