Description
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223 to solve it.
Remediation
References
https://lists.apache.org/thread/nxvtxq7oxhwyzo9ty2hqz8rvh5r7ngd8
Related Vulnerabilities
CVE-2016-6793 Vulnerability in maven package org.apache.wicket:wicket-util
CVE-2020-2249 Vulnerability in maven package org.jenkins-ci.plugins:tfs
CVE-2022-34185 Vulnerability in maven package me.leejay.jenkins:date-parameter
CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-jdbc