GHSA-fpcf-qr79-hjqp

Suggest an improvement
Source
https://github.com/advisories/GHSA-fpcf-qr79-hjqp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-fpcf-qr79-hjqp/GHSA-fpcf-qr79-hjqp.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-fpcf-qr79-hjqp
Aliases
  • CVE-2023-43667
Published
2023-10-16T09:30:19Z
Modified
2024-09-27T20:06:22.377175Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
SQL Injection in Apache InLong
Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8628

Database specific
{
    "nvd_published_at": "2023-10-16T09:15:10Z",
    "cwe_ids": [
        "CWE-74",
        "CWE-89"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-17T14:23:44Z"
}
References

Affected packages

Maven / org.apache.inlong:inlong

Package

Name
org.apache.inlong:inlong
View open source insights on deps.dev
Purl
pkg:maven/org.apache.inlong/inlong

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.4.0
Fixed
1.8.0

Affected versions

1.*

1.4.0
1.5.0
1.6.0
1.7.0