Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the
'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick
https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-05-22T12:54:12.153Z
Updated: 2024-08-02T14:45:24.965Z
Reserved: 2023-04-24T02:24:37.855Z
Link: CVE-2023-31058
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-05-22T13:15:09.843
Modified: 2023-05-27T00:48:58.773
Link: CVE-2023-31058
Redhat
No data.