=====================================================================
                            CERT-Renater

                 Information Note No. 2022/VULN349
_____________________________________________________________________

DATE                : 23/09/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Apache InLong.

=====================================================================
https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1
_____________________________________________________________________

Re: RCE Vulnerability in Apache Inlong (incubator)

Posted to dev@inlong.apache.org
healchow - Thursday 15 September 2022 12:28:18 UTC+2

Dear all,

Apache InLong just fixed the vulnerability of MySQL JDBC URL, please
refer to these PRs:

https://github.com/apache/inlong/pull/5884
https://github.com/apache/inlong/pull/5893
https://github.com/apache/inlong/pull/5896

Those fixes will be released in the next release.
BTW, they also have been synced in the just-released 1.3.0.

Credit:
This issue was discovered by 4ra1n.

Best Regards
healchow

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================