CRITICAL🇵🇱 Wersja polska

CVE-2023-51784

CVSS 9.8v3.1pub. 2024-01-03upd. 2025-05-16

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329

🤖 AI Analysis
How it works

The vulnerability results from improper control of code generation. An attacker can provide specially crafted input data that will be incorrectly processed by the application and executed as code on the server side. The attack requires no authentication or user interaction, which significantly lowers the threshold for carrying it out.

Impact

An attacker can gain full control over the system running Apache InLong — including the ability to read, modify or delete data, as well as perform lateral movement within the internal network. The vulnerability leads to a breach of confidentiality, integrity and availability of the system.

Mitigation & patch

Apache InLong should be updated immediately to version 1.10.0. Alternatively, a patch available in the pull request can be applied: https://github.com/apache/inlong/pull/9329.

Who is affected

Apache InLong versions 1.5.0 to 1.9.0 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Inlong

    APP
    Apache
    1.5.0 – 1.10.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-27531CRITICAL9.8PL ✓ten sam produkt

Apache InLong: deserializacja danych — odczyt dowolnych plików

CVE-2025-27528CRITICAL9.1PL ✓ten sam produkt

Niebezpieczna deserializacja w Apache InLong umożliwia odczyt plików

CVE-2024-36268CRITICAL9.8PL ✓ten sam produkt

Apache InLong — Code Injection umożliwiający zdalne wykonanie kodu (RCE)

CVE-2024-26579CRITICAL9.8PL ✓ten sam produkt

Deserializacja niezaufanych danych w Apache InLong — ominięcie zabezpieczeń

CVE-2024-26580CRITICAL9.1PL ✓ten sam produkt

Apache InLong — deserializacja danych umożliwiająca odczyt dowolnych plików