{"schema_version": "1.6.1", "id": "CVE-2023-34434", "summary": "JDBC URL bypassing by allowLoadLocalInfileInPath param", "details": "Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. \n\nThe attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick  https://github.com/apache/inlong/pull/8130 .\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.4.0"}, {"last_affected": "1.4.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/7f1o71w5r732cspltmtdydn01gllf4jo"}]}