Security
Headlines

Headlines Latest CVEs

Headline

GHSA-26m4-qjp9-xmc6: Apache InLong vulnerable to Deserialization of Untrusted Data

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

2 years ago

#sql #apache #git #rce

Apache InLong vulnerable to Deserialization of Untrusted Data

High severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

Related news

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

2 years ago

#sql #apache #rce

ghsa: Latest News

GHSA-g85v-wf27-67xc: Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

6 hours ago

GHSA-8495-4g3g-x7pr: aiohttp allows request smuggling due to incorrect parsing of chunk extensions

9 hours ago

GHSA-27mf-ghqm-j3j8: aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

9 hours ago

GHSA-jp37-5qhw-mffw: Sharks has a Bias of Polynomial Coefficients in Secret Sharing

10 hours ago

GHSA-vggm-3478-vm5m: Graylog concurrent PDF report rendering can leak other users' reports

10 hours ago