From: Charles Zhang
To: oss-security@lists.openwall.com
Message-ID: <2f83357c-86bb-dd6f-39b4-d9aaf894b9d9@apache.org>
Date: Wed, 08 May 2024 14:50:46 +0000
Subject: [oss-security] CVE-2024-26579: Apache Inlong JDBC Vulnerability

Severity: important

Affected versions:

- Apache InLong 1.7.0 through 1.10

Description:

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.

[1] https://github.com/apache/inlong/pull/9694
[2] https://github.com/apache/inlong/pull/9707

Credit:

L0ne1y (finder)
Ming (finder)

References:

https://inlong.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-26579