Severity
High
Analysis Summary
CVE-2023-51784 CVSS:9.8
Apache InLong could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the InLong Manager. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-51785 CVSS:7.5
Apache InLong could allow a remote attacker to obtain sensitive information, caused by an unsafe deserialization flaw when using mysql driver. By sending a specially crafted request, an attacker could exploit this vulnerability to read arbitrary files, and use this information to launch further attacks against the affected system.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-51784
- CVE-2023-51785
Affected Vendors
Apache
Affected Products
- Apache InLong 1.5.0
- Apache InLong 1.6.0
- Apache InLong 1.7.0
- Apache InLong 1.8.0
- Apache InLong 1.9.0
Remediation
Upgrade to the latest version of Apache InLong, available from the Apache Website.