PT-2024-2184 · Apache · Apache Inlong

An4Er · Published 2024-03-06 · Updated 2025-05-07 · CVE-2024-26580

CVSS v4.0: 9.3 Critical

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache InLong versions 1.8.0 through 1.10.0

Description

The issue affects Apache InLong due to deserialization of untrusted data, which allows attackers to read from an arbitrary file using a specific payload. Remote attackers can gain unauthorized access to protected information by transmitting specially crafted data.

Recommendations

For Apache InLong versions 1.8.0 through 1.10.0, upgrade to Apache InLong 1.11.0 or cherry-pick the solution from the provided GitHub pull request to resolve the issue.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2024-02102
CVE-2024-26580
GHSA-P2GX-4434-PF6G

Affected Products

Apache Inlong