CVE-2023-24997 – Apache InLong: Jdbc Connection Security Bypass
https://notcve.org/view.php?id=CVE-2023-24997
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223 to solve it. • https://lists.apache.org/thread/nxvtxq7oxhwyzo9ty2hqz8rvh5r7ngd8 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-24977 – Apache InLong: Jdbc Connection causes arbitrary file reading in InLong
https://notcve.org/view.php?id=CVE-2023-24977
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214 to solve it. • https://lists.apache.org/thread/ggozxorctn3tdll7bgmpwwcbjnd0s6w7 • CWE-125: Out-of-bounds Read •
CVE-2022-40955 – Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC
https://notcve.org/view.php?id=CVE-2022-40955
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer. En las versiones de Apache InLong anteriores a 1.3.0, un atacante privilegiado suficientes para especificar los parámetros de la URL de conexión JDBC de MySQL y escribir datos arbitrarios en la base de datos de MySQL, podría causar que estos datos fueran deserializados por Apache InLong, conllevando potencialmente a una ejecución de código remota en el servidor de Apache InLong. Es recomendado a usuarios actualizar a Apache InLong versión 1.3.0 o más reciente • http://www.openwall.com/lists/oss-security/2022/09/22/5 https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1 • CWE-502: Deserialization of Untrusted Data •