Ming

**Name of the Vulnerable Software and Affected Versions** Apache InLong versions 1.13.0 through 2.1.0 **Description** The issue concerns a deserialization of untrusted data, allowing for an arbitrary file read vulnerability. This can be exploited by bypassing security measures through double writing of a parameter. **Recommendations** For Apache InLong versions 1.13.0 through 2.1.0, consider restricting access to untrusted data deserialization until a patch is available. As a temporary workaround, avoid using the vulnerable JDBC functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow version 2.9.0 **Description** The issue allows an authenticated attacker to inject malicious data into the task instance logs. This is a critical security vulnerability that enables attackers to inject data into the task instance logs. **Recommendations** For Apache Airflow version 2.9.0, upgrade to version 2.9.1 to fix the issue. As a temporary workaround, consider restricting access to the task instance logs until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Apache InLong versions 1.7.0 through 1.11.0 **Description** The issue is related to the deserialization of untrusted data, allowing attackers to bypass security using malicious parameters. **Recommendations** For Apache InLong versions 1.7.0 through 1.11.0, users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick the specified patches to solve the issue.

**Name of the Vulnerable Software and Affected Versions** Confluence Server versions 6.1.0 through 6.6.15 Confluence Server versions 6.7.0 through 6.13.6 Confluence Server versions 6.14.0 through 6.15.7 Confluence Data Center versions 6.1.0 through 6.6.15 Confluence Data Center versions 6.7.0 through 6.13.6 Confluence Data Center versions 6.14.0 through 6.15.7 **Description** A local file disclosure issue exists via page exporting, allowing an attacker with page editing permission to read arbitrary files on the server under the <install-directory>/confluence/WEB-INF directory. This may lead to the leakage of sensitive information, including configuration files for integrating with other services and potentially LDAP credentials if the Confluence server is configured to use LDAP as a user repository. **Recommendations** For Confluence Server versions 6.1.0 through 6.6.15, update to version 6.6.16 or later. For Confluence Server versions 6.7.0 through 6.13.6, update to version 6.13.7 or later. For Confluence Server versions 6.14.0 through 6.15.7, update to version 6.15.8 or later. For Confluence Data Center versions 6.1.0 through 6.6.15, update to version 6.6.16 or later. For Confluence Data Center versions 6.7.0 through 6.13.6, update to version 6.13.7 or later. For Confluence Data Center versions 6.14.0 through 6.15.7, update to version 6.15.8 or later.