CVE-2023-46227 — Deserialization of Untrusted Data in Apache Inlong

CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 82.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Inlong Apache Software Foundation Apache Inlong

Timeline

PublishedOct 19

Description

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apache_software_foundation/apache_inlong1.4.0 — 1.8.0

▶NVDapache/inlong1.4.0 — 1.9.0

🔴Vulnerability Details

GHSA

Apache InLong Deserialization of Untrusted Data Vulnerability↗2023-10-19

▶

CVEList

Apache inlong has an Arbitrary File Read Vulnerability↗2023-10-19

▶

OSV

Apache InLong Deserialization of Untrusted Data Vulnerability↗2023-10-19

▶