CVE-2024-26580: Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability

CVE-2024-26580: Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability

Open Source Security [[{„value“:“

Posted by Charles Zhang on Mar 06

Severity: important

Affected versions:

– Apache InLong 1.4.0 through 1.10.0

Description:

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through
1.10.0, the attackers can

use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong’s 1.11.0 or
cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/9673

Credit:…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert