CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-36268 – Apache InLong TubeMQ Client: Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36268
02 Aug 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251 • https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26579 – Apache Inlong JDBC Vulnerability
https://notcve.org/view.php?id=CVE-2024-26579
08 May 2024 — Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 Vulnerabilidad de deserialización de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde 1.7.0 hasta 1.11.0, los atac... • http://www.openwall.com/lists/oss-security/2024/05/09/2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26580 – Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
https://notcve.org/view.php?id=CVE-2024-26580
06 Mar 2024 — Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673 Vulnerabilidad de deserialización de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde 1.8.0 hasta 1.10.0, los atacantes pueden usar el payload e... • http://www.openwall.com/lists/oss-security/2024/03/06/1 • CWE-502: Deserialization of Untrusted Data •