Apache · Apache SeaTunnel · CVE-2025-32896
**Name of the Vulnerable Software and Affected Versions**
Apache SeaTunnel versions <=2.3.10
**Description**
Unauthorized users can perform arbitrary file read and deserialization attacks by submitting a job through the RESTful api-v1. An attacker can access the `/hazelcast/rest/maps/submit-job` endpoint to submit a job and set extra parameters in the MySQL URL to perform the attack.
**Recommendations**
Users of Apache SeaTunnel versions <=2.3.10 are recommended to upgrade to version 2.3.11 and to enable RESTful api-v2 with HTTPS two-way authentication, which fixes the issue. As a temporary workaround, consider restricting access to the `/hazelcast/rest/maps/submit-job` endpoint until the issue is resolved.
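
As a defence-in-depth complement to the recommendations above, this added example (not part of the advisory and not Apache SeaTunnel code) audits a job definition before it is submitted and rejects any MySQL JDBC URL carrying parameters outside an allowlist, failing closed on URL shapes it does not recognise. The allowlist contents, the function names and the sample job's field names are assumptions made for illustration.

```python
import json
import re

# Assumption: the only parameters this deployment needs; everything else is refused.
ALLOWED_PARAMS = {"usessl", "servertimezone", "characterencoding", "useunicode"}
# Only the plain single-host form is accepted; any other URL shape fails closed.
STRICT_URL = re.compile(r"jdbc:mysql://[\w.-]+(?::\d{1,5})?/\w*(?:\?(?P<query>[^#]*))?")

def check_mysql_url(url):
    """Return reasons to reject `url`; an empty list means accepted."""
    m = STRICT_URL.fullmatch(url)
    if m is None:
        return ["not in the plain jdbc:mysql://host[:port]/db[?k=v] form"]
    problems = []
    for pair in filter(None, (m.group("query") or "").split("&")):
        key, sep, value = pair.partition("=")
        if not sep or not re.fullmatch(r"[A-Za-z]+", key):
            problems.append(f"malformed parameter {pair!r}")
        elif key.lower() not in ALLOWED_PARAMS:
            problems.append(f"parameter {key!r} is not on the allowlist")
        elif not re.fullmatch(r"[\w.:/+-]*", value):
            problems.append(f"unexpected characters in value of {key!r}")
    return problems

def iter_strings(node, path="$"):
    """Yield (path, value) for every string in a parsed JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from iter_strings(v, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from iter_strings(v, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def audit_job(job_json):
    """Map the JSON path of each rejected MySQL JDBC URL to its reasons."""
    findings = {}
    for path, value in iter_strings(json.loads(job_json)):
        value = value.strip()
        if value.lower().startswith("jdbc:mysql") and check_mysql_url(value):
            findings[path] = check_mysql_url(value)
    return findings

# Constructed sample job body; its field names are assumptions the walker does not rely on.
SAMPLE_JOB = json.dumps({"source": [{"plugin_name": "Jdbc", "url":
    "jdbc:mysql://db.internal:3306/app?useSSL=true&exampleExtraParam=1"}],
    "sink": [{"plugin_name": "Jdbc", "url":
    "jdbc:mysql://db.internal:3306/app?useSSL=true&serverTimezone=UTC"}]})
```

Calling `audit_job(SAMPLE_JOB)` flags only the source URL, because `exampleExtraParam` is not on the allowlist. Such a check belongs in whatever gateway or review step fronts job submission and does not replace the upgrade.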