Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC
Vulnerability Description
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Apache InLong 代码问题漏洞
Vulnerability Description
Apache InLong是美国阿帕奇(Apache)基金会的一站式的海量数据集成框架。提供自动化、安全、可靠的数据传输能力。 Apache InLong 1.3.0 之前版本存在安全漏洞,该漏洞源于具有足够权限来指定MySQL JDBC连接URL参数并将任意数据写入MySQL数据库的攻击者可能会导致该数据被Apache InLong反序列化,从而可能导致在Apache InLong服务器上远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A