[MAVEN:GHSA-RP6X-GGW6-8G56] Authorization Bypass in Apache InLong
Severity
Critical
Affected Packages
1
Fixed Packages
1
CVEs
1
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile"....
.
Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.inlong/manager-pojo
|
>= 1.4.0, < 1.9.0 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.inlong/manager-pojo
|
= 1.9.0 |
- ID
- MAVEN:GHSA-RP6X-GGW6-8G56
- Severity
- critical
- URL
- https://github.com/advisories/GHSA-rp6x-ggw6-8g56
- Published
-
2023-10-16T09:30:19
(11 months ago) - Modified
-
2023-11-14T21:13:49
(10 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.inlong/manager-pojo | org.apache.inlong |
manager-pojo
|
>= 1.4.0 < 1.9.0 | |||
| Fixed | pkg:maven/org.apache.inlong/manager-pojo | org.apache.inlong |
manager-pojo
|
= 1.9.0 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |