
=====================================================================

                              CERT-Renater

                   Note d'Information No. 2023/VULN121

_____________________________________________________________________

DATE                : 29/03/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache InLong versions 1.1.0
                              up to and including 1.5.0.

=====================================================================
https://lists.apache.org/thread/xbvtjw9bwzgbo9fp1by8o3p49nf59xzt
_____________________________________________________________________

Severity: important

Description:

Deserialization of Untrusted Data vulnerability in Apache Software
Foundation Apache InLong.

It can be triggered by authenticated users of InLong. Refer to [1]
to learn more about this vulnerability.

This issue affects Apache InLong: from 1.1.0 through 1.5.0.  Users
are advised to upgrade to Apache InLong's latest version or
cherry-pick [2] to solve it.


[1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html
[2] https://github.com/apache/inlong/pull/7422


Credit:

escape Wang (finder)


References:

https://inlong.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-27296



Best wishes,
Charles Zhang
from Apache InLong

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

