Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.
It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability.
This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it.
[1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html
https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html
[2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-03-27T14:10:32.785Z
Updated: 2024-10-23T16:39:30.822Z
Reserved: 2023-02-28T02:47:39.202Z
Link: CVE-2023-27296
Vulnrichment
Updated: 2024-08-02T12:09:43.156Z
NVD
Status : Modified
Published: 2023-03-27T15:15:08.650
Modified: 2024-11-21T07:52:36.060
Link: CVE-2023-27296
Redhat
No data.