Lucene search
K

434 matches found

BDU FSTEC
BDU FSTEC
added 2022/10/10 12:0 a.m.5 views

The vulnerability of the JDBC platform integration data processing server Apache InLong’s URL address handler allows a attacker to execute arbitrary code.

The vulnerability of the JDBC URL connection handler of the Apache InLong data integration platform is related to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8AI score0.02143EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2022/09/22 12:0 a.m.21 views

Apache InLong Deserialization Vulnerability

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.3.0, which arises from unsafe deserialization of...

8.8CVSS8.7AI score0.02143EPSS
Exploits0References1
Veracode
Veracode
added 2022/09/21 8:46 a.m.17 views

Remote Code Execution

org.apache.inlong:sort-connector-jdbc is vulnerable to remote code execution. A remote attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database is able to upload and execute malicious code on server by misusing data...

8.8CVSS9.2AI score0.02143EPSS
Exploits0References7Affected Software2
vulnersOsv
vulnersOsv
added 2022/09/21 12:0 a.m.4 views

org.apache.inlong.agent-common.1.11.0.inlong1.11.org.apache.inlong:agent-common (=1.11.0), org.apache.inlong:agent-common (>=1.0.0-incubating <=1.13.0) +83 more potentially affected by CVE-2022-40955 via org.apache.inlong:inlong-common (>=0.9.0-incubating <=1.2.0-incubating)

org.apache.inlong:inlong-common MAVEN version =0.9.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.12.0, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.12.0, =1.0.0-incubating, =1.0.0-incubating, =1.1.0-incubating,...

8.8CVSS7.6AI score0.02143EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/09/21 12:0 a.m.27 views

Apache InLong vulnerable to Deserialization of Untrusted Data

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the...

8.8CVSS8.8AI score0.02143EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/21 12:0 a.m.18 views

GHSA-26M4-QJP9-XMC6 Apache InLong vulnerable to Deserialization of Untrusted Data

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the...

8.8CVSS8.9AI score0.02143EPSS
Exploits0References4
OSV
OSV
added 2022/09/20 2:15 p.m.1 views

CVE-2022-40955

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the...

8.8CVSS6AI score0.02143EPSS
Exploits0References2
NVD
NVD
added 2022/09/20 2:15 p.m.29 views

CVE-2022-40955

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the...

8.8CVSS0.02143EPSS
Exploits0References2
Prion
Prion
added 2022/09/20 2:15 p.m.25 views

Remote code execution

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the...

6.5CVSS8.9AI score0.02143EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/20 1:50 p.m.6 views

CVE-2022-40955 Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the...

7.5AI score0.02143EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/20 1:50 p.m.30 views

CVE-2022-40955 Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the...

9.2AI score0.02143EPSS
Exploits0References2
CVE
CVE
added 2022/09/20 1:50 p.m.101 views

CVE-2022-40955

CVE-2022-40955 affects Apache InLong, prior to version 1.3.0. The vulnerability arises from unsafe deserialization of data received via the MySQL JDBC connection URL parameters, allowing an attacker with privileges to supply these parameters and write arbitrary data to the MySQL database to cause...

8.8CVSS8.9AI score0.02143EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.18 views

Apache InLong 代码问题漏洞

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.3.0, which arises from unsafe deserialization of...

8.8CVSS6.9AI score0.02143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.2 views

PT-2022-4972 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions prior to 1.3.0 Description: The issue is related to the deserialization of untrusted data in the MySQL JDBC connection URL parameters, potentially leading to Remote Code Execution on the Apache InLong server. An attacke...

9CVSS8.8AI score0.02143EPSS
Exploits0References13
Rows per page
Query Builder