Vulnerabilities > CVE-2022-40955 - Deserialization of Untrusted Data vulnerability in Apache Inlong

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

CWE-502

NVD

Published: 2022-09-20

Updated: 2022-12-21

Summary

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Inlong 0.9.0 Apache Inlong 0.10.0 Apache Inlong 0.11.0 Apache Inlong 0.12.0 Apache Inlong 1.0.0 Apache Inlong 1.1.0 Apache Inlong 1.2.0	7

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References