CVE-2024-26580

Published: Mar 6, 2024Modified: May 7, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673

Affected (1)

Products: Apache: Inlong

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Inlong	From 1.4.0 to 1.11.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

http://www.openwall.com/lists/oss-security/2024/03/06/1

Source: security@apache.org

Mailing List

https://lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk

Source: security@apache.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2024/03/06/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.