org.apache.inlong:sort-connector-jdbc is vulnerable to remote code execution. A remote attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database is able to upload and execute malicious code on server by misusing data deserialization mechanism.
www.openwall.com/lists/oss-security/2022/09/22/5
github.com/advisories/GHSA-26m4-qjp9-xmc6
github.com/apache/inlong/commit/0719f95d3362540d69c6a7924d33e16a34671826
github.com/apache/inlong/commit/41981d937f49db17ae9ccb71b0021a4dfc33cffd
github.com/apache/inlong/pull/5884
github.com/apache/inlong/pull/5896
lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1