Lucene search

GitHub Advisory DatabaseGHSA-C3RH-F2W5-FGHM

HistoryJul 06, 2023 - 9:14 p.m.

Apache InLong Deserialization of Untrusted Data Vulnerability

2023-07-0621:14:59

CWE-502

GitHub Advisory Database

github.com

apache software foundation

untrusted data

vulnerability

upgrade

filtering

github pull request

cherry-pick

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.6%

JSON

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the autoDeserialize option filtering by adding blanks. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 to solve it.

Affected configurations

Vulners

Node

org.apache.inlong\managerMatchcommon

org.apache.inlong\managerMatchpojo

CPENameOperatorVersion
org.apache.inlong:manager-commonlt1.7.0
org.apache.inlong:manager-pojolt1.7.0

CPE	Name	Operator	Version
	org.apache.inlong:manager-common	lt	1.7.0
	org.apache.inlong:manager-pojo	lt	1.7.0

References

github.com/advisories/GHSA-c3rh-f2w5-fghm

github.com/apache/inlong/pull/7674

lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z

nvd.nist.gov/vuln/detail/CVE-2023-31058

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.6%

JSON

Related for GHSA-C3RH-F2W5-FGHM