GHSA-gpqq-59rp-3c3w

Suggest an improvement
Source
https://github.com/advisories/GHSA-gpqq-59rp-3c3w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-gpqq-59rp-3c3w/GHSA-gpqq-59rp-3c3w.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-gpqq-59rp-3c3w
Aliases
Published
2023-03-27T15:30:16Z
Modified
2023-11-01T05:01:34.637003Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
Details

Apache InLong versions from 1.1.0 through 1.5.0 are vulnerable to Java Database Connectivity (JDBC) deserialization of untrusted data from the MySQL JDBC URL in MySQLDataNode. It could be triggered by authenticated users of InLong. This has been patched in version 1.6.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick the patch to solve it.

Database specific
{
    "nvd_published_at": "2023-03-27T15:15:00Z",
    "github_reviewed_at": "2023-03-27T22:10:31Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-502"
    ]
}
References

Affected packages

Maven / org.apache.inlong:inlong-manager

Package

Name
org.apache.inlong:inlong-manager
View open source insights on deps.dev
Purl
pkg:maven/org.apache.inlong/inlong-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.6.0

Affected versions

1.*

1.2.0-incubating
1.3.0
1.4.0
1.5.0