Vulnerabilities > Apache > Inlong

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-31058 Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.
network
low complexity
apache
7.5
2023-04-11 CVE-2023-30465 Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the   user with ID 1 from the "user" table, one character at a time.  Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529
network
low complexity
apache
5.3
2023-03-27 CVE-2023-27296 Unspecified vulnerability in Apache Inlong
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0.
network
low complexity
apache
8.8
2023-02-01 CVE-2023-24997 Unspecified vulnerability in Apache Inlong
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223  to solve it.
network
low complexity
apache
critical
9.8
2023-02-01 CVE-2023-24977 Unspecified vulnerability in Apache Inlong
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214  to solve it.
network
low complexity
apache
7.5
2022-09-20 CVE-2022-40955 Unspecified vulnerability in Apache Inlong
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server.
network
low complexity
apache
8.8