Apache InLong Exposure of Resource to Wrong Sphere vulnerability

GHSA-f475-jgg3-3jwc · CVE-2023-31206

Published Jul 6, 2023 · Modified Feb 16, 2024

Description

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.

References

7.5 / 10

HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Packages

Maven/org.apache.inlong:manager-dao

Fix 1.7.0

Introduced 1.4.0

3 affected versions

1.4.01.5.01.6.0

Maven/org.apache.inlong:manager-pojo

Fix 1.7.0

Introduced 1.4.0

3 affected versions

1.4.01.5.01.6.0

Maven/org.apache.inlong:manager-service

Fix 1.7.0

Introduced 1.4.0

3 affected versions

1.4.01.5.01.6.0

Maven/org.apache.inlong:manager-test

Fix 1.7.0

Introduced 1.4.0

3 affected versions

1.4.01.5.01.6.0

Maven/org.apache.inlong:manager-web

Fix 1.7.0

Introduced 1.4.0

3 affected versions

1.4.01.5.01.6.0

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes