
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329
• http://www.openwall.com/lists/oss-security/2024/01/03/1 https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814
• https://lists.apache.org/thread/m8txor4f76tmrxksrmc87tw42g57nz33
• CWE-502: Deserialization of Untrusted Data

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Insufficient Verification of Data Authenticity vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, a general user can view all user data, like an Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8623
• https://lists.apache.org/thread/scbgh3ty3xcxm3q33r2t9f42gwwo1why
• CWE-345: Insufficient Verification of Data Authenticity

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628
• https://github.com/miguelc49/CVE-2023-43667-3 https://github.com/miguelc49/CVE-2023-43667-2 https://github.com/miguelc49/CVE-2023-43667-1 https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize", "allowLoadLocalInfile"... Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604
• https://lists.apache.org/thread/16gtk7rpdm1rof075ro83fkrnhbzn5sh
• CWE-639: Authorization Bypass Through User-Controlled Key