GHSA-gpqq-59rp-3c3w

Source

https://github.com/advisories/GHSA-gpqq-59rp-3c3w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-gpqq-59rp-3c3w/GHSA-gpqq-59rp-3c3w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gpqq-59rp-3c3w

Aliases

CVE-2023-27296

Published

2023-03-27T15:30:16Z

Modified

2023-11-08T04:12:04.051854Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Apache InLong vulnerable to JDBC Deserialization of Untrusted Data

Details

Apache InLong versions from 1.1.0 through 1.5.0 are vulnerable to Java Database Connectivity (JDBC) deserialization of untrusted data from the MySQL JDBC URL in MySQLDataNode. It could be triggered by authenticated users of InLong. This has been patched in version 1.6.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick the patch to solve it.

References

Affected packages

Maven / org.apache.inlong:inlong-manager

Package

Name: org.apache.inlong:inlong-manager; View open source insights on deps.dev
Purl: pkg:maven/org.apache.inlong/inlong-manager

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.6.0

Affected versions

1.*

1.1.0-incubating

1.2.0-incubating

1.3.0

1.4.0

1.5.0