Home > Vulnerability Database > CVE-2022-40955

Mend.io Vulnerability Database

CVE-2022-40955

Good to know:

Date: September 20, 2022

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

Language: Java

Severity Score

8.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-40955

Url: https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1

Url: http://www.openwall.com/lists/oss-security/2022/09/22/5

Url: https://github.com/apache/inlong/commit/41981d937f49db17ae9ccb71b0021a4dfc33cffd#diff-99257931090197ce828a057d853b9612c0375beea3bae49b412a272cf839af35

Url: https://www.mend.io/vulnerability-database/CVE-2022-40955

Severity Score

8.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version org.apache.inlong:inlong-common:1.3.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-40955

Good to know:

Date: September 20, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?