Lucene search
Veracode Vulnerability DatabaseVERACODE:40651HistoryMay 24, 2023 - 2:42 a.m.
Deserialization Of Untrusted Data
2023-05-2402:42:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
vulnerability
deserialization of untrusted data
url injection
0.002 Low
EPSS
Percentile
53.6%
org.apache.inlong:manager-pojo is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in multiple functions because an attacker is able to add whitespaces when saving a url, which allows bypassing the autoDeserialize option filtering, resulting in deserialization of potentially malicious data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache inlong - manager pojo | le | 1.6.0 | |
| apache inlong - manager pojo | le | 1.6.0 |
Related
cve
cve
CVE-2023-31058
2023-05-22 13:15:09
cnvd
cnvd
Apache InLong Code Execution Vulnerability
2023-05-28 00:00:00
github
github
Apache InLong Deserialization of Untrusted Data Vulnerability
2023-07-06 21:14:59
cvelist
cvelist
CVE-2023-31058 Apache InLong: JDBC URL bypassing by adding blanks
2023-05-22 12:54:12
nvd
nvd
CVE-2023-31058
2023-05-22 13:15:09
osv
osv
Apache InLong Deserialization of Untrusted Data Vulnerability
2023-07-06 21:14:59
CVE-2023-31058
2023-05-22 13:15:09
prion
prion
Deserialization of untrusted data
2023-05-22 13:15:00