CVE-2023-24997: Deserialization of Untrusted Data

February 1, 2023 (updated February 2, 2023)

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223 to solve it.

References

github.com/advisories/GHSA-22j4-qc48-j8f8
github.com/apache/inlong/pull/7223
lists.apache.org/thread/nxvtxq7oxhwyzo9ty2hqz8rvh5r7ngd8
nvd.nist.gov/vuln/detail/CVE-2023-24997

Code Behaviors & Features

Detect and mitigate CVE-2023-24997 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →