PT-2023-28912 · Apache · Apache Inlong
Nbxiglk · Published 2023-10-16 · Updated 2023-11-14
CVE-2023-43668
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.4.0 through 1.8.0
Description
The issue is an Authorization Bypass Through User-Controlled Key vulnerability. It allows some sensitive parameter checks to be bypassed, including the checks for autoDeserialize and allowLoadLocalInfile.
Recommendations
For Apache InLong versions 1.4.0 through 1.8.0, upgrade to Apache InLong 1.9.0 or cherry-pick the provided patch to solve the issue.
Fix
Deserialization of Untrusted Data
IDOR
Affected Products
Apache Inlong