GHSA-gpqq-59rp-3c3w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gpqq-59rp-3c3w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-gpqq-59rp-3c3w/GHSA-gpqq-59rp-3c3w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gpqq-59rp-3c3w
- Aliases
- Published
- 2023-03-27T15:30:16Z
- Modified
- 2023-11-08T04:12:04.051854Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
- Details
-
Apache InLong versions from 1.1.0 through 1.5.0 are vulnerable to Java Database Connectivity (JDBC) deserialization of untrusted data from the MySQL JDBC URL in MySQLDataNode. It could be triggered by authenticated users of InLong. This has been patched in version 1.6.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick the patch to solve it.
- Database specific
{ "nvd_published_at": "2023-03-27T15:15:00Z", "github_reviewed_at": "2023-03-27T22:10:31Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-502" ] }- References
Affected packages
Maven / org.apache.inlong:inlong-manager
Package
- Name
- org.apache.inlong:inlong-manager
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.inlong/inlong-manager