Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the
'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick
https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it.
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-05-22T12:54:12.153Z
Updated: 2024-10-10T20:51:23.077Z
Reserved: 2023-04-24T02:24:37.855Z
Link: CVE-2023-31058
Vulnrichment
Updated: 2024-08-02T14:45:24.965Z
NVD
Status : Modified
Published: 2023-05-22T13:15:09.843
Modified: 2024-11-21T08:01:19.673
Link: CVE-2023-31058
Redhat
No data.