QwikSec

Security Database

CVE

CWE

Training

CVE-2022-40955

Published: Sep 20, 2022

Modified: May 29, 2025

PUBLISHED

Description

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

Vendor	Product	Versions
Apache Software Foundation	Apache InLong	affected `Apache InLong - < 1.3.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1

x_refsource_MISC

[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.