4 matches found
Deserialization Of Untrusted Data
org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the filterSensitive function in MySQLSinkDTO.java not properly sanitizing whitespace characters, especially the horizontal tab \t, in URL parameters, which allows these characters to bypass...
Deserialization Of Untrusted Data
manager-pojo is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists because MySQLSinkDTO.java does not properly check encoding in MySQL JDBC URLs, which allows an attacker to bypass the current logic and achieve arbitrary file read through the...
Deserialization Of Untrusted Data
manager-pojo is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists because the filterSensitive function of MySQLSinkDTO.java does not properly decode user-supplied MySQL JDBC URLs, allowing an attacker to control the current state or the flow of the execution...
Out-Of-Bounds Read
org.apache.inlong: manager-pojo is vulnerable to Out-Of-Bounds Read. An out-of-bounds read vulnerability exists in MySQLSinkDTO.java, which may lead to exfiltration of memory, resulting in disclosure of sensitive information...