CVE-2023-34434

CVSS 3.1 Score 7.5 of 10 (high)

Attack Complexity low
Confidentiality high
Integrity none
Availability none
Scope unchanged
Privileges Required none

Details

Published Jul 25, 2023
Updated: Aug 2, 2023
CWE ID 502

Summary

CVE-2023-34434 is a deserialization vulnerability affecting Apache InLong versions 1.4.0 through 1.7.0. An attacker can exploit this issue to bypass security logic and read arbitrary files. To mitigate this risk, users are advised to upgrade to Apache InLong version 1.8.0 or apply the fix from pull request #8130.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share