PT-2023-5268 · Apache · Apache InLong

4Ra1N

+1

Published 2023-07-25 · Updated 2024-10-02

CVE-2023-34434

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache InLong versions 1.4.0 through 1.7.0

Description

A deserialization of untrusted data vulnerability in Apache InLong allows a remote attacker to bypass the current logic and read arbitrary files.

Recommendations

Upgrade to Apache InLong 1.8.0, or cherry-pick https://github.com/apache/inlong/pull/8130.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2023-05885
CVE-2023-34434
GHSA-PQ67-9JF9-HC3C

Affected Products

Apache InLong