CVE-2023-27296
CVSS V2 None
CVSS V3 None
Description
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it. [1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422
Overview
- CVE ID
- CVE-2023-27296
- Assigner
- security@apache.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-27T15:15:08
- Last Modified Date
- 2023-03-31T14:21:34
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:* | 1 | OR | 1.1.0 | 1.5.0 |
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/xbvtjw9bwzgbo9fp1by8o3p49nf59xzt | Mailing List Patch Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-27296 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27296 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 03:31:12 | Added to TrackCVE | |||
| 2023-04-17 03:31:15 | Weakness Enumeration | new |