
CVE-2024-26579

Apache Inlong JDBC Vulnerability

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters.

Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.

[1] https://github.com/apache/inlong/pull/9694

[2] https://github.com/apache/inlong/pull/9707


*Credits: L0ne1y, Ming
CVSS Scores
  • Attack Vector: -
  • Attack Complexity: -
  • Privileges Required: -
  • User Interaction: -
  • Scope: -
  • Confidentiality: -
  • Integrity: -
  • Availability: -
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: None
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-05-08 CVE Published
  • 2024-06-11 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
Affected Vendors, Products, and Versions
  • Vendor: Apache Software Foundation
  • Product: Apache InLong
  • Version: >= 1.7.0 <= 1.11
  • Other: en
  • Status: Affected