CVE-2023-27296: Deserialization of Untrusted Data

March 27, 2023

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick [2] to solve it. [1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422

References

github.com/advisories/GHSA-gpqq-59rp-3c3w
github.com/apache/inlong/pull/7422
lists.apache.org/thread/xbvtjw9bwzgbo9fp1by8o3p49nf59xzt
nvd.nist.gov/vuln/detail/CVE-2023-27296
programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html

Detect and mitigate CVE-2023-27296 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →