
Critical Security Vulnerability Identified in Apache InLong: Immediate Action Required

By: Mazhar Abbas
Published: January 3, 2024 at 6:25 am EST
Apache InLong, a well-known open-source project, is currently grappling with a critical security vulnerability in versions 1.7.0 through 1.9.0. This vulnerability, categorized as a Deserialization of Untrusted Data issue, poses a substantial risk to users as it enables attackers to conduct an arbitrary file read attack using the MySQL driver, potentially compromising system security.

Critical Vulnerability Identified

The vulnerability, formally identified as CVE-2023-51785, was discovered by a finder using the pseudonym X1r0z. It impacts confidentiality, integrity, and availability, leading to potential unauthorized data access and system compromise. It is classified as problematic under CWE-502 and affects an unknown code block of the MySQL Driver component within Apache InLong.

Immediate Action Required

Users of the affected versions of Apache InLong are strongly advised to either upgrade to version 1.10.0 or apply a specific patch to mitigate the risk posed by this security flaw. The patch, referenced as ‘[1]’ in the advisory, rectifies the issue and safeguards systems against potential exploitation by malicious actors. The vulnerability was disclosed publicly on January 3, 2024, and is tracked as CVE-2023-51785, with a speculated exploit price range of USD $0-$5k.

What Lies Ahead?

While the advisory lacks additional context such as the specifics of the attack vector or the impact of the exploit beyond file reading capabilities, users are encouraged to remain vigilant. The nature of this vulnerability is critical, and immediate action is necessary to prevent potential data breaches or system compromise. The Apache community is known for its swift response to such issues, and users can expect further updates or patches if required in the future.


