exploitDog

CVE-2024-26579

Опубликовано: 08 мая 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0,

the attackers can bypass using malicious parameters.

Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.

[1] https://github.com/apache/inlong/pull/9694

[2] https://github.com/apache/inlong/pull/9707

Ссылки

http://www.openwall.com/lists/oss-security/2024/05/09/2
Mailing List
https://github.com/advisories/GHSA-fgh3-pwmp-3qw3
Vendor Advisory
https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/09/2
Mailing List
https://github.com/advisories/GHSA-fgh3-pwmp-3qw3
Vendor Advisory
https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3
Mailing List

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

Версия от 1.7.0 (включая) до 1.12.0 (исключая)

EPSS

Процентиль: 54%

0.00309

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-fgh3-pwmp-3qw3

CVSS3: 9.8

github

больше 1 года назад

Apache Inlong Deserialization of Untrusted Data vulnerability

EPSS

Процентиль: 54%

0.00309

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502