CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile: 45.7%
org.apache.inlong:manager-pojo is vulnerable to Deserialization of Untrusted Data. The filterSensitive function in MySQLSinkDTO.java does not properly sanitize whitespace characters, especially the horizontal tab \t, in URL parameters, which allows these characters to bypass parameter filtering. Attackers can craft malicious parameters, potentially leading to security risks such as code execution, SQL injection or unauthorized data access.
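
A defensive sketch of the filtering step described above, added here as an example and not InLong's own code: it canonicalizes the JDBC URL first, rejects any whitespace or control character outright, and only then drops blocked parameters. The class name, the denylist contents and the sample URLs are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class JdbcUrlParamFilter {
    // Assumed denylist for illustration (MySQL Connector/J property names, lowercased).
    private static final Set<String> BLOCKED =
            Set.of("autodeserialize", "allowloadlocalinfile", "allowurlinlocalinfile");

    /** Returns the canonical URL without blocked parameters; throws if it cannot be checked safely. */
    static String sanitize(String url) {
        String decoded = url;
        for (int round = 0; ; round++) {
            if (round == 5) throw new IllegalArgumentException("too many encoding layers");
            // Keep '+' literal (URLDecoder would turn it into a space), then undo one layer.
            String next = URLDecoder.decode(decoded.replace("+", "%2B"), StandardCharsets.UTF_8);
            if (next.equals(decoded)) break;
            decoded = next;
        }
        // Fail closed: tab, newline, space and other control characters never belong here.
        if (decoded.codePoints().anyMatch(c -> Character.isWhitespace(c)
                || Character.isSpaceChar(c) || Character.isISOControl(c))) {
            throw new IllegalArgumentException("whitespace or control character in JDBC URL");
        }
        int q = decoded.indexOf('?');
        if (q < 0) return decoded;
        List<String> kept = new ArrayList<>();
        for (String pair : decoded.substring(q + 1).split("&")) {
            if (pair.isEmpty()) continue;
            String key = pair.split("=", 2)[0].toLowerCase(Locale.ROOT);
            if (!BLOCKED.contains(key)) kept.add(pair);
        }
        // Return the same canonical string that was checked, so check and use cannot diverge.
        String base = decoded.substring(0, q);
        return kept.isEmpty() ? base : base + "?" + String.join("&", kept);
    }

    public static void main(String[] args) {
        // Constructed sample URLs.
        System.out.println(sanitize("jdbc:mysql://db.example:3306/app?useSSL=true&AutoDeserialize=true"));
        try {
            sanitize("jdbc:mysql://db.example:3306/app?useSSL=true&autoDeserialize\t=true");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting the whole URL on any whitespace, rather than trying to strip it, avoids depending on how the driver itself trims or tokenizes parameter names.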