Apache InLong could allow a remote attacker to obtain sensitive information, caused by an unsafe deserialization flaw by the allowLoadLocalInfileInPath parameter. By sending a specially crafted request, an attacker could exploit this vulnerability to read arbitrary files, and use this information to launch further attacks against the affected system.
Apache InLong could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to delete and update the process.
Apache InLong is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to the audit endpoint, which could allow the attacker to view, add, modify or delete information in the back-end database.
Upgrade to the latest version of Apache InLong, available from the Apache Web site.