Apache Software Foundation Apache InLong vulnerabilities
31 known vulnerabilities affecting apache_software_foundation/apache_inlong.
Total CVEs: 31
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 13, MEDIUM 5
Vulnerabilities
Page 2 of 2
CVE-2023-31206 | HIGH | CVSS 7.5 | CWE-668 | ≥ 1.4.0, ≤ 1.6.0 | 2023-05-22
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.
[1] https://cveprocess.apache.org/cve5/[1]%
Sources: cvelistv5, nvd
CVE-2023-31064 | HIGH | CVSS 7.5 | CWE-552 | ≥ 1.2.0, ≤ 1.6.0 | 2023-05-22
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The user in InLong could cancel an application that doesn't belong to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7
Sources: cvelistv5, nvd
CVE-2023-31103 | HIGH | CVSS 7.5 | CWE-668 | ≥ 1.4.0, ≤ 1.6.0 | 2023-05-22
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.c
Sources: cvelistv5, nvd
CVE-2023-31453 | HIGH | CVSS 7.5 | CWE-732 | ≥ 1.2.0, ≤ 1.6.0 | 2023-05-22
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] t
Sources: cvelistv5, nvd
CVE-2023-31058 | HIGH | CVSS 7.5 | CWE-502 | ≥ 1.4.0, ≤ 1.6.0 | 2023-05-22
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 https://
Sources: cvelistv5, nvd
CVE-2023-31101 | MEDIUM | CVSS 6.5 | CWE-1188 | ≥ 1.5.0, ≤ 1.6.0 | 2023-05-22
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 htt
Sources: cvelistv5, nvd
CVE-2023-30465 | MEDIUM | CVSS 5.3 | CWE-89 | ≥ 1.4.0, ≤ 1.5.0 | 2023-04-11
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the usernam
Sources: cvelistv5, nvd
CVE-2023-27296 | HIGH | CVSS 8.8 | CWE-502 | ≥ 1.1.0, ≤ 1.5.0 | 2023-03-27
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong; refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2
Sources: cvelistv5, nvd
CVE-2023-24997 | CRITICAL | CVSS 9.8 | CWE-502 | ≥ 1.1.0, ≤ 1.5.0 | 2023-02-01
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it.
Sources: cvelistv5, nvd
CVE-2023-24977 | HIGH | CVSS 7.5 | CWE-125 | ≥ 1.1.0, ≤ 1.5.0 | 2023-02-01
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it.
Sources: cvelistv5, nvd
CVE-2022-40955 | HIGH | CVSS 8.8 | CWE-502 | ≥ Apache InLong, < 1.3.0 | 2022-09-20
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apach
Sources: cvelistv5, nvd