First published: Wed Jan 03 2024(Updated: )
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.apache.inlong:manager-pojo | >=1.5.0<1.10.0 | 1.10.0 |
Apache InLong | >=1.7.0<=1.9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-51785 is classified as a high severity vulnerability due to its potential to allow arbitrary file read attacks.
To fix CVE-2023-51785, upgrade your Apache InLong to version 1.10.0 or later.
CVE-2023-51785 affects Apache InLong versions from 1.7.0 to 1.9.0.
CVE-2023-51785 allows attackers to perform arbitrary file read attacks using the MySQL driver.
A workaround for CVE-2023-51785 includes cherry-picking certain fixes if an immediate upgrade is not feasible.