Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zcDlwLTU5cWYtbXF3aM4AA0c4
Apache InLong has Files or Directories Accessible to External Parties
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The user in InLong could cancel an application that doesn't belong to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it.
Permalink: https://github.com/advisories/GHSA-3p9p-59qf-mqwh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcDlwLTU5cWYtbXF3aM4AA0c4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentage: 0.00231
EPSS Percentile: 0.60767
Identifiers: GHSA-3p9p-59qf-mqwh, CVE-2023-31064
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-31064
- https://lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00
- https://github.com/apache/inlong/pull/7799
- https://github.com/advisories/GHSA-3p9p-59qf-mqwh
Blast Radius: 11.6
Affected Packages
maven:org.apache.inlong:manager-workflow
Dependent packages: 2
Dependent repositories: 35
Downloads:
Affected Version Ranges: >= 1.2.0, < 1.7.0
Fixed in: 1.7.0
All affected versions: 1.3.0, 1.4.0, 1.5.0, 1.6.0
All unaffected versions: 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 2.0.0