oss-sec mailing list archives
CVE-2023-24977: Apache InLong: Jdbc Connection causes arbitrary file reading in InLong
From: Charles Zhang <dockerzhang () apache org>
Date: Wed, 01 Feb 2023 03:35:33 +0000
Severity: important

Description:

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it.

Credit:

This issue was discovered by s3gundo of Hundsun Tech (finder)

References:

https://inlong.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-24977