oss-sec mailing list archives
CVE-2023-51784: Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager
From: Charles Zhang <dockerzhang () apache org>
Date: Wed, 03 Jan 2024 02:05:18 +0000
Severity: important Affected versions: - Apache InLong 1.5.0 through 1.9.0 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 Credit: X1r0z (finder) References: https://www.cve.org/CVERecord?id=CVE-2023-51784
Current thread:
- CVE-2023-51784: Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager Charles Zhang (Jan 03)