[MAVEN:GHSA-26M4-QJP9-XMC6] Apache InLong vulnerable to Deserialization of Untrusted Data

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 1

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

Package Affected Version
pkg:maven/org.apache.inlong/inlong-common < 1.3.0
Package Fixed Version
pkg:maven/org.apache.inlong/inlong-common = 1.3.0
ID
MAVEN:GHSA-26M4-QJP9-XMC6
Severity
high
URL
https://github.com/advisories/GHSA-26m4-qjp9-xmc6
Published
2022-09-21T00:00:46
Modified
2023-01-31T05:03:59
Rights
Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.inlong/inlong-common | org.apache.inlong | inlong-common | < 1.3.0 | | | |
| Fixed | pkg:maven/org.apache.inlong/inlong-common | org.apache.inlong | inlong-common | = 1.3.0 | | | |