Inlong
Monthly
Critical deserialization of untrusted data vulnerability in Apache InLong versions 1.13.0 through 2.0.x that allows authenticated attackers to read arbitrary files through parameter manipulation ('double writing' the param). With a CVSS 9.8 score and network-based attack vector requiring no user interaction, this represents a high-severity information disclosure risk affecting data ingestion pipeline deployments.
Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.10.0 through 1.12.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.5.0 through 1.9.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.8.0, the attacker can use \t to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.4.0 through 1.8.0, the attacker can create misleading or false log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient Verification of Data Authenticity vulnerability in Apache InLong.4.0 through 1.8.0, General user can view all user data like Admin account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.5.0 through 1.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
Critical deserialization of untrusted data vulnerability in Apache InLong versions 1.13.0 through 2.0.x that allows authenticated attackers to read arbitrary files through parameter manipulation ('double writing' the param). With a CVSS 9.8 score and network-based attack vector requiring no user interaction, this represents a high-severity information disclosure risk affecting data ingestion pipeline deployments.
Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.10.0 through 1.12.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.5.0 through 1.9.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.8.0, the attacker can use \t to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.4.0 through 1.8.0, the attacker can create misleading or false log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient Verification of Data Authenticity vulnerability in Apache InLong.4.0 through 1.8.0, General user can view all user data like Admin account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.5.0 through 1.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.