Lucene search
ApacheCVELIST:CVE-2022-40955HistorySep 20, 2022 - 1:50 p.m.
CVE-2022-40955 Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC
2022-09-2013:50:08
CWE-502
apache
www.cve.org
4
cve-2022-40955
apache inlong
deserialization attack
rce
jdbc
mysql
remote code execution
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.
CNA Affected
[
{
"product": "Apache InLong",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "Apache InLong",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-40955
2022-09-20 14:15:09
veracode
veracode
Remote Code Execution
2022-09-21 08:46:09
osv
osv
Apache InLong vulnerable to Deserialization of Untrusted Data
2022-09-21 00:00:46
cnvd
cnvd
Apache InLong deserialization vulnerability
2022-09-22 00:00:00
prion
prion
Remote code execution
2022-09-20 14:15:00
nvd
nvd
CVE-2022-40955
2022-09-20 14:15:09
github
github
Apache InLong vulnerable to Deserialization of Untrusted Data
2022-09-21 00:00:46