[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2562f150-22b8-e28f-900f-8cf021353caa@apache.org>
Date: Mon, 27 Mar 2023 08:57:01 +0000
From: Charles Zhang <dockerzhang@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2023-27296: Apache InLong: JDBC Deserialization Vulnerability
in InLong
Severity: important
Description:
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.
It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability.
This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it.
[1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html
https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html
[2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422
Credit:
escape Wang (finder)
References:
https://lists.apache.org/thread/xbvtjw9bwzgbo9fp1by8o3p49nf59xzt
https://inlong.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-27296
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
