Lucene search

GitHub Advisory DatabaseGHSA-P2GX-4434-PF6G

HistoryMar 06, 2024 - 12:30 p.m.

Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability

2024-03-0612:30:29

CWE-502

GitHub Advisory Database

github.com

apache inlong

vulnerability

file read

arbitrary user exploit

deserialization

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can

use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong’s 1.11.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/9673

Affected configurations

Vulners

Node

org.apache.inlong\managerMatchcommon

References

www.openwall.com/lists/oss-security/2024/03/06/1

github.com/advisories/GHSA-p2gx-4434-pf6g

github.com/apache/inlong/commit/1b63af3e1f208602f60b5ce19af7413443c3027c

github.com/apache/inlong/pull/9673

lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk

nvd.nist.gov/vuln/detail/CVE-2024-26580

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for GHSA-P2GX-4434-PF6G