Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mcGNmLXFyNzktaGpxcM4AA2dw
SQL Injection in Apache InLong
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit
and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8628
Permalink: https://github.com/advisories/GHSA-fpcf-qr79-hjqpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcGNmLXFyNzktaGpxcM4AA2dw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 4 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentage: 0.0011
EPSS Percentile: 0.44886
Identifiers: GHSA-fpcf-qr79-hjqp, CVE-2023-43667
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-43667
- https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543
- https://github.com/apache/inlong/pull/8628
- https://github.com/advisories/GHSA-fpcf-qr79-hjqp
Blast Radius: 1.0
Affected Packages
maven:org.apache.inlong:inlong
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 1.4.0, < 1.8.0
Fixed in: 1.8.0
All affected versions: 1.4.0, 1.5.0, 1.6.0, 1.7.0
All unaffected versions: 1.3.0, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 2.0.0