GitHub Advisory Database: GHSA-FPCF-QR79-HJQP
Oct 16, 2023 - 9:30 a.m.

SQL Injection in Apache InLong

2023-10-16 09:30:19
CWE-74
CWE-89
GitHub Advisory Database
github.com
15
apache inlong
sql injection
vulnerability
misleading records
upgrade

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 38.5%

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8628

Affected configurations

Node: org.apache.inlong inlong
Range: 1.4.0–1.8.0

Vendor: org.apache.inlong
Product: inlong
Version: *
CPE: cpe:2.3:a:org.apache.inlong:inlong:*:*:*:*:*:*:*:*
