Vulnerability Description
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Inlong | < 1.3.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/09/22/5Mailing ListThird Party Advisory
- https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1Issue TrackingMailing ListPatch
- http://www.openwall.com/lists/oss-security/2022/09/22/5Mailing ListThird Party Advisory
- https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1Issue TrackingMailing ListPatch
FAQ
What is CVE-2022-40955?
CVE-2022-40955 is a vulnerability with a CVSS score of 8.8 (HIGH). In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this ...
How severe is CVE-2022-40955?
CVE-2022-40955 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40955?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Inlong.