Description

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223  to solve it.

Remediation

References

https://lists.apache.org/thread/nxvtxq7oxhwyzo9ty2hqz8rvh5r7ngd8

Related Vulnerabilities

CVE-2020-9482 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-core

CVE-2021-33813 Vulnerability in maven package org.jdom:jdom

CVE-2022-28732 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2023-27603 Vulnerability in maven package org.apache.linkis:linkis-common

CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-common_2.12

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Vendor Advisory