PT-2023-21058 · Apache+1 · Apache Inlong+1
Escape Wang · Published 2023-03-27 · Updated 2024-10-23
CVE-2023-27296
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.1.0 through 1.5.0
Description
Apache InLong contains a deserialization of untrusted data vulnerability that can be triggered by authenticated users. The affected component is the MySQLDataNode, which deserializes untrusted data from the MySQL JDBC URL.
Recommendations
For Apache InLong versions 1.1.0 through 1.5.0, users are advised to upgrade to Apache InLong's latest version or cherry-pick the patch to solve the issue. As a temporary workaround, consider restricting access to the MySQLDataNode to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
Affected Products
Apache InLong
MySQL Server