Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13M3dyLWdtd2YtcjMzM84AA0cy
Apache InLong has Weak Password Requirements in Apache InLong
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.
Permalink: https://github.com/advisories/GHSA-w3wr-gmwf-r333
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13M3dyLWdtd2YtcjMzM84AA0cy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-w3wr-gmwf-r333, CVE-2023-31098
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-31098
- https://lists.apache.org/thread/1fvloc3no1gbffzrcsx9ltsg08wr2d1w
- https://github.com/apache/inlong/pull/7805
- https://github.com/advisories/GHSA-w3wr-gmwf-r333
Blast Radius: 14.5
Affected Packages
maven:org.apache.inlong:manager-pojo
Dependent packages: 3
Dependent repositories: 30
Downloads:
Affected Version Ranges: >= 1.1.0, < 1.7.0
Fixed in: 1.47.0
All affected versions: 1.3.0, 1.4.0, 1.5.0, 1.6.0
All unaffected versions: 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 2.0.0