PT-2024-14291 · Apache · Apache InLong
X1R0Z · Published 2024-01-03 · Updated 2024-09-06 · CVE-2023-51785
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.7.0 through 1.9.0
Description
Apache InLong is affected by a deserialization of untrusted data issue that allows attackers to perform an arbitrary file read through the MySQL driver.
Recommendations
For Apache InLong versions 1.7.0 through 1.9.0, upgrade to Apache InLong 1.10.0 or cherry-pick the fix from https://github.com/apache/inlong/pull/9331 to resolve the issue.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Apache InLong