CVE-2023-43667

CWE-74 | CWE-89 | SQL Injection | 4 documents | 4 sources

Severity: 7.5 HIGH
EPSS: 2.2% (top 15.72%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 16

Description

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0. The attacker can create misleading or false log records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong 1.9.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8628

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Maven: org.apache.inlong:inlong, 1.4.0 through 1.8.0
NVD: apache/inlong, 1.4.0 through 1.8.0
CVEListV5: apache_software_foundation/apache_inlong, 1.4.0 through 1.8.0

Vulnerability Details (3)

GHSA: SQL Injection in Apache InLong (2023-10-16)
CVEList: Apache InLong: Log Injection in Global functions (2023-10-16)
OSV: SQL Injection in Apache InLong (2023-10-16)