We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
漏洞描述 Apache InLong 是开源的高性能数据集成框架,方便业务构建基于流式的数据分析、建模和应用。 由于在mysql jdbc 8.0.11和8.0.12版本中,allowLoadLocalInFile、autoDeserizalize参数的默认值为true。当 InLong 使用受影响的mysql连接器时,具备 InLong Web 端登陆权限的攻击者在配置jdbc url参数时,不需要额外配置的连接参数,可以直接利用漏洞,从而绕过敏感参数检查,造成任意命令执行、任意文件读取等危害。
参考链接
The text was updated successfully, but these errors were encountered:
No branches or pull requests
漏洞描述
Apache InLong 是开源的高性能数据集成框架,方便业务构建基于流式的数据分析、建模和应用。
由于在mysql jdbc 8.0.11和8.0.12版本中,allowLoadLocalInFile、autoDeserizalize参数的默认值为true。当 InLong 使用受影响的mysql连接器时,具备 InLong Web 端登陆权限的攻击者在配置jdbc url参数时,不需要额外配置的连接参数,可以直接利用漏洞,从而绕过敏感参数检查,造成任意命令执行、任意文件读取等危害。
参考链接
The text was updated successfully, but these errors were encountered: