1. Home
  2. Vulnerabilities
  3. CVE-2023-43668

CVE-2023-43668

CVSS v3.1 9.8 (Critical)
98% Progress
EPSS 1.29 % (86th)
1.29% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, 

some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile"....

.  

Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.

[1]  https://github.com/apache/inlong/pull/8604

Weaknesses
CWE-639
Authorization Bypass Through User-Controlled Key
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2023-10-16 09:15:10
(11 months ago)
Updated Date
2023-11-14 10:15:30
(10 months ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Inlong from 1.4.0 version and 1.8.0 and prior versions cpe:2.3:a:apache:inlong >= 1.4.0 <= 1.8.0