CRITICAL🇵🇱 Wersja polska

CVE-2024-26579

CVSS 9.8v3.1pub. 2024-05-08upd. 2025-03-28

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0,  the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2]  https://github.com/apache/inlong/pull/9707

🤖 AI Analysis
How it works

The vulnerability results from improper handling of deserialization of input data in Apache InLong. A remote attacker, without authentication and without user interaction, can submit malicious parameters that bypass protection mechanisms against unsafe deserialization. Processing such data by the application may lead to unintended code execution or manipulation of system state.

Impact

Successful exploitation of this vulnerability allows an attacker to gain complete control over the application — including unauthorized access to data (C:H), modification of data or configuration (I:H), and disruption of service availability (A:H).

Mitigation & patch

Apache InLong should be updated to version 1.12.0 or security patches indicated by the vendor in the following pull requests should be applied: https://github.com/apache/inlong/pull/9694 and https://github.com/apache/inlong/pull/9707.

Who is affected

Apache InLong in versions 1.7.0 through 1.11.0 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Inlong

    APP
    Apache
    1.7.0 – 1.12.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2025-27531CRITICAL9.8PL ✓ten sam produkt

Apache InLong: deserializacja danych — odczyt dowolnych plików

CVE-2025-27528CRITICAL9.1PL ✓ten sam produkt

Niebezpieczna deserializacja w Apache InLong umożliwia odczyt plików

CVE-2024-36268CRITICAL9.8PL ✓ten sam produkt

Apache InLong — Code Injection umożliwiający zdalne wykonanie kodu (RCE)

CVE-2024-26580CRITICAL9.1PL ✓ten sam produkt

Apache InLong — deserializacja danych umożliwiająca odczyt dowolnych plików

CVE-2023-51784CRITICAL9.8PL ✓ten sam produkt

Apache InLong — Code Injection umożliwiający zdalne wykonanie kodu (RCE)