Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-pq67-9jf9-hc3c: JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.

The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong’s 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 .

ghsa
#vulnerability#apache#git

JDBC URL bypassing by allowLoadLocalInfileInPath param

High severity GitHub Reviewed Published Jul 25, 2023 to the GitHub Advisory Database • Updated Jul 25, 2023

Related news

CVE-2023-34434

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.  The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 .

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection