CVE-2023-31058

2023-05-2213:15:09

CWE-502

[email protected]

web.nvd.nist.gov

cve-2023-31058

apache software foundation

inlong

vulnerability

security

deserialization

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.6%

JSON

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the
‘autoDeserialize’ option filtering by adding blanks. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick

https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it.

Affected configurations

Vulners

NVD

Node

apacheinlongRange≤1.6.0

CPENameOperatorVersion
apache:inlongapache inlongle1.6.0

CPE	Name	Operator	Version
apache:inlong	apache inlong	le	1.6.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache InLong",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.6.0",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "semver"
      }
    ]
  }
]