VYPR
High severityNVD Advisory· Published Jul 25, 2023· Updated Feb 13, 2025

Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param

CVE-2023-34434

Description

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.

The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 .

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.inlong:manager-pojoMaven
>= 1.4.0, < 1.8.01.8.0

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.