Critical vulnerability in Apache InLong - patch now
Take action: The exploit path for Apache InLong isn't immediately clear, but it won't be long until there is an exploit once crime groups read through the patch details. If your InLong system is visible on the internet, push for an ASAP patch. Otherwise, you can plan for a patch in the next cycle, but don't avoid the patch - hackers will find a way to reach your Apache InLong.
Apache InLong has reported a serious security issue affecting versions 1.7.0 through 1.9.0. Apache InLong is an open-source data streaming platform managed by the Apache Software Foundation. It is designed to facilitate the efficient and reliable ingestion, transportation, transformation, and storage of large-scale data.
The vulnerability, tracked as CVE-2023-51785 (CVSS3 score 9.8), is a Deserialization of Untrusted Data flaw. It poses a significant threat to user security by enabling attackers to carry out an arbitrary file read attack via the MySQL driver, potentially leading to severe compromises in system security.
Users of Apache InLong are advised to either upgrade their system to the newer version 1.10.0 or to implement a designated patch.
While the advisory does not provide exhaustive details about the specific attack vector or the full scope of the exploit's impact beyond file reading capabilities, the critical nature of this vulnerability warrants immediate action from users.