PT-2023-8729 · Apache · Apache Inlong
4Ra1N +2 · Published 2023-05-21 · Updated 2024-10-11 · CVE-2023-31058
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.4.0 through 1.6.0
Description
The issue is related to the deserialization of untrusted data, which allows attackers to bypass the autoDeserialize option filtering by adding blanks. This can potentially lead to the execution of arbitrary code.
Recommendations
To resolve the issue, users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674.
Fix
Deserialization of Untrusted Data
RCE
Affected Products
Apache Inlong