Lucene search

K
cvelistApacheCVELIST:CVE-2024-26579
HistoryMay 08, 2024 - 3:06 p.m.

CVE-2024-26579 Apache Inlong JDBC Vulnerability

2024-05-0815:06:23
CWE-502
apache
www.cve.org
1
apache inlong
jdbc
deserialization
vulnerability
cve-2024-26579
upgrade
parameters
cherry-pick

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0,

the attackers can bypass using malicious parameters.

Users are advised to upgrade to Apache InLong’s 1.12.0 or cherry-pick [1], [2] to solve it.

[1] https://github.com/apache/inlong/pull/9694

[2]  https://github.com/apache/inlong/pull/9707

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache InLong",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.11",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "semver"
      }
    ]
  }
]

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Related for CVELIST:CVE-2024-26579