Lucene search
Veracode Vulnerability DatabaseVERACODE:37225HistorySep 21, 2022 - 8:46 a.m.
Remote Code Execution
2022-09-2108:46:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
apache inlong
sort connector jdbc
remote code execution
mysql
data deserialization
security vulnerability
EPSS
0.003
Percentile
70.2%
org.apache.inlong:sort-connector-jdbc is vulnerable to remote code execution. A remote attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database is able to upload and execute malicious code on server by misusing data deserialization mechanism.
References
www.openwall.com/lists/oss-security/2022/09/22/5
github.com/advisories/GHSA-26m4-qjp9-xmc6
github.com/apache/inlong/commit/0719f95d3362540d69c6a7924d33e16a34671826
github.com/apache/inlong/commit/41981d937f49db17ae9ccb71b0021a4dfc33cffd
github.com/apache/inlong/pull/5884
github.com/apache/inlong/pull/5896
lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1
Related
cve
cve
CVE-2022-40955
2022-09-20 14:15:09
osv
osv
Apache InLong vulnerable to Deserialization of Untrusted Data
2022-09-21 00:00:46
cnvd
cnvd
Apache InLong deserialization vulnerability
2022-09-22 00:00:00
prion
prion
Remote code execution
2022-09-20 14:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-40955
2022-09-20 14:15:09
github
github
Apache InLong vulnerable to Deserialization of Untrusted Data
2022-09-21 00:00:46