Lucene search

Veracode Vulnerability DatabaseVERACODE:46818

HistoryMay 09, 2024 - 5:50 a.m.

Deserialization Of Untrusted Data

2024-05-0905:50:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

deserialization

untrusted data

query parameters

jdbc security

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper query parameters sanitization within the filterSensitive method, which allows an attackers to bypass JDBC security checks.

CPENameOperatorVersion
apache inlong - manager pojole1.11.0
apache inlong - manager pojole1.11.0

CPE	Name	Operator	Version
	apache inlong - manager pojo	le	1.11.0
	apache inlong - manager pojo	le	1.11.0

References

www.openwall.com/lists/oss-security/2024/05/09/2

github.com/advisories/GHSA-fgh3-pwmp-3qw3

github.com/apache/inlong/commit/23e3e00cae1fd120b089fca54f7440945dfe11a4

github.com/apache/inlong/commit/cdf616670942fec7d09fae2452e2ea215205dd1d

lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3