CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27296 – Apache InLong: JDBC Deserialization Vulnerability in InLong
https://notcve.org/view.php?id=CVE-2023-27296
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it. [1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422 • https://lists.apache.org/thread/xbvtjw9bwzgbo9fp1by8o3p49nf59xzt • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0CVE-2023-24997 – Apache InLong: Jdbc Connection Security Bypass
https://notcve.org/view.php?id=CVE-2023-24997
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223 to solve it. • https://lists.apache.org/thread/nxvtxq7oxhwyzo9ty2hqz8rvh5r7ngd8 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24977 – Apache InLong: Jdbc Connection causes arbitrary file reading in InLong
https://notcve.org/view.php?id=CVE-2023-24977
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214 to solve it. • https://lists.apache.org/thread/ggozxorctn3tdll7bgmpwwcbjnd0s6w7 • CWE-125: Out-of-bounds Read •