GHSA-rp6x-ggw6-8g56

Опубликовано: 16 окт. 2023

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Authorization Bypass in Apache InLong

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,

some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile"....

Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8604

Ссылки

Пакеты

Наименование

org.apache.inlong:manager-pojo

maven

Затронутые версииВерсия исправления

>= 1.4.0, < 1.9.0

1.9.0

EPSS

Процентиль: 17%

0.00054

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2023-43668

Дефекты

CWE-502

CWE-639

Связанные уязвимости

CVE-2023-43668

CVSS3: 9.8

nvd

больше 2 лет назад

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604

EPSS

Процентиль: 17%

0.00054

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2023-43668

Дефекты

CWE-502

CWE-639