Lucene search
ApacheCVELIST:CVE-2023-31064HistoryMay 22, 2023 - 3:44 p.m.
CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications
2023-05-2215:44:22
CWE-552
apache
www.cve.org
4
cve-2023-31064
apache inlong
insecurity direct object references
external parties vulnerability
apache software foundation
files accessible
directories accessible
upgrade
cherry-pick
EPSS
0.002
Percentile
61.1%
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel anย application that doesnโt belongs to it.ย Users are advised to upgrade to Apache InLongโs 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache InLong",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.6.0",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
}
]Related
osv
osv
Apache InLong has Files or Directories Accessible to External Parties
2023-07-06 21:14:59
CVE-2023-31064
2023-05-22 16:15:09
prion
prion
Xxe
2023-05-22 16:15:00
veracode
veracode
Insecure Direct Object References (IDOR)
2023-05-26 04:43:48
github
github
Apache InLong has Files or Directories Accessible to External Parties
2023-07-06 21:14:59
nvd
nvd
CVE-2023-31064
2023-05-22 16:15:09
cve
cve
CVE-2023-31064
2023-05-22 16:15:09
huntr
huntr
IDOR make users can withdraw other's application
2023-04-02 05:36:31
cnvd
cnvd
Apache InLong Security Bypass Vulnerability (CNVD-2023-42962)
2023-05-28 00:00:00