Maven package
org.apache.inlong/manager-common
pkg:maven/org.apache.inlong/manager-common
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26580 | — | >= 1.8.0, < 1.11.0 | 1.11.0 | Mar 6, 2024 | Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to | ||
| CVE-2023-46227 | — | >= 1.4.0, < 1.9.0 | 1.9.0 | Oct 19, 2023 | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] | ||
| CVE-2023-31058 | — | >= 1.4.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's |
- CVE-2024-26580Mar 6, 2024affected >= 1.8.0, < 1.11.0fixed 1.11.0
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to
- CVE-2023-46227Oct 19, 2023affected >= 1.4.0, < 1.9.0fixed 1.9.0
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1]
- CVE-2023-31058May 22, 2023affected >= 1.4.0, < 1.7.0fixed 1.7.0
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's