Deserialization of Untrusted Data Vulnerability Affects Apache InLong
CVE-2024-26579

Currently unrated

Key Information:

Vendor
Apache
Status
Apache Inlong
Vendor
CVE Published:
8 May 2024

Summary

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, 

the attackers can bypass using malicious parameters.

Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.

[1] https://github.com/apache/inlong/pull/9694

[2]  https://github.com/apache/inlong/pull/9707

Affected Version(s)

Apache InLong 1.7.0 <= 1.11

References

https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyy...
vendor-advisory
https://github.com/advisories/GHSA-fgh3-pwmp-3qw3
http://www.openwall.com/lists/oss-security/2024/05/09/2

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

L0ne1y
Ming
.