CVE-2023-51785

2024-01-0310:15:09

CWE-502

[email protected]

web.nvd.nist.gov

cve-2023-51785

deserialization

untrusted data

apache inlong

vulnerability

security

upgrade

patch

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong’s 1.10.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/9331

Affected configurations

Vulners

NVD

Node

apacheinlongRange≤1.9.0

CPENameOperatorVersion
apache:inlongapache inlongle1.9.0

CPE	Name	Operator	Version
apache:inlong	apache inlong	le	1.9.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache InLong",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.9.0",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "semver"
      }
    ]
  }
]