JDBC URL bypassing by allowLoadLocalInfileInPath param

High severity • GitHub Reviewed • Published Jul 25, 2023 to the GitHub Advisory Database • Updated Nov 5, 2023

Package

org.apache.inlong:manager-pojo (Maven)

Affected versions

>= 1.4.0, < 1.8.0

Patched versions

1.8.0

Description

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0.

The attacker could bypass the current logic and achieve arbitrary file reading. To resolve it, users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick apache/inlong#8130.
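For deployments that accept user-supplied JDBC URLs, the following added example (not InLong's code and not the patch in apache/inlong#8130) validates a MySQL JDBC URL against an allow-list of connection properties, so that a property nobody thought to block, such as `allowLoadLocalInfileInPath`, is rejected by default. The class name, the allow-list contents and the sample URLs are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class JdbcUrlCheck {
    // Assumption: the only connection properties this deployment needs (lower-cased).
    private static final Set<String> ALLOWED =
            Set.of("usessl", "characterencoding", "connecttimeout", "servertimezone");

    /** True only if the URL is a plain jdbc:mysql:// URL whose properties are all allow-listed. */
    static boolean isAllowed(String url) {
        if (url == null) return false;
        String s = url;
        try {
            // Decode until stable so the check sees the same names the driver would.
            for (int i = 0; i < 4; i++) {
                String next = URLDecoder.decode(s, StandardCharsets.UTF_8);
                if (next.equals(s)) break;
                s = next;
            }
            if (!URLDecoder.decode(s, StandardCharsets.UTF_8).equals(s)) return false;
        } catch (IllegalArgumentException e) {
            return false; // malformed percent-escape
        }
        String lower = s.toLowerCase(Locale.ROOT);
        if (!lower.startsWith("jdbc:mysql://")) return false;
        // Refuse alternative host syntaxes, fragments and whitespace so that
        // properties can only appear in the query string inspected below.
        if (lower.chars().anyMatch(c -> c == '(' || c == ')' || c == '#' || c <= ' ')) return false;
        int q = lower.indexOf('?');
        if (q < 0) return true; // no properties at all
        for (String pair : lower.substring(q + 1).split("&")) {
            if (pair.isEmpty()) continue;
            String key = pair.split("=", 2)[0];
            if (!ALLOWED.contains(key)) return false; // e.g. allowloadlocalinfileinpath
        }
        return true;
    }
    public static void main(String[] args) {
        // Constructed sample URLs, not taken from the advisory.
        List<String> samples = List.of(
                "jdbc:mysql://db.example.internal:3306/inlong?useSSL=true",
                "jdbc:mysql://db.example.internal:3306/inlong?allowLoadLocalInfileInPath=/tmp");
        for (String u : samples) {
            System.out.println((isAllowed(u) ? "ALLOW  " : "REJECT ") + u);
        }
    }
}
```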

References

Published by the National Vulnerability Database Jul 25, 2023
Published to the GitHub Advisory Database Jul 25, 2023
Reviewed Jul 25, 2023
Last updated Nov 5, 2023

Severity

High

EPSS score

0.388%
(74th percentile)

Weaknesses

CVE ID

CVE-2023-34434

GHSA ID

GHSA-pq67-9jf9-hc3c

Source code
