Описание
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can
use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it.
Пакеты
org.apache.inlong:manager-common
>= 1.8.0, < 1.11.0
1.11.0
EPSS
9.3 Critical
CVSS4
9.1 Critical
CVSS3
CVE ID
Дефекты
Связанные уязвимости
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673
Уязвимость платформы интеграции данных Apache InLong, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
9.3 Critical
CVSS4
9.1 Critical
CVSS3