{"schema_version": "1.6.1", "id": "CVE-2023-31058", "summary": "JDBC URL bypassing by adding blanks", "details": "Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the\n'autoDeserialize' option filtering by adding blanks.  Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick \n\n https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674  to solve it.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.4.0"}, {"last_affected": "1.4.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z"}]}