{ "schema_version": "1.4.0", "id": "GHSA-fgh3-pwmp-3qw3", "modified": "2025-02-13T18:59:54Z", "published": "2024-05-08T15:30:42Z", "aliases": [ "CVE-2024-26579" ], "summary": "Apache Inlong Deserialization of Untrusted Data vulnerability", "details": "Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0. The attackers can bypass using malicious parameters.\n\nUsers are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.\n\n[1] https://github.com/apache/inlong/pull/9694 \n\n[2]  https://github.com/apache/inlong/pull/9707", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.inlong:manager-pojo" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "1.7.0" }, { "fixed": "1.12.0" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26579" }, { "type": "WEB", "url": "https://github.com/apache/inlong/pull/9694" }, { "type": "WEB", "url": "https://github.com/apache/inlong/pull/9707" }, { "type": "WEB", "url": "https://github.com/apache/inlong/commit/23e3e00cae1fd120b089fca54f7440945dfe11a4" }, { "type": "WEB", "url": "https://github.com/apache/inlong/commit/cdf616670942fec7d09fae2452e2ea215205dd1d" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-fgh3-pwmp-3qw3" }, { "type": "PACKAGE", "url": "https://github.com/apache/inlong" }, { "type": "WEB", "url": "https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/05/09/2" } ], "database_specific": { "cwe_ids": [ "CWE-502" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-05-08T19:57:07Z", "nvd_published_at": "2024-05-08T15:15:08Z" } }