Lucene search
ApacheCVELIST:CVE-2023-35088HistoryJul 25, 2023 - 7:10 a.m.
CVE-2023-35088 Apache InLong: SQL injection in audit endpoint
2023-07-2507:10:19
CWE-89
apache
www.cve.org
3
apache inlong
sql injection
vulnerability
upgrade
EPSS
0.016
Percentile
87.8%
Improper Neutralization of Special Elements Used in an SQL Command (‘SQL Injection’) vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.
In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks.
Users are advised to upgrade to Apache InLong’s 1.8.0 or cherry-pick [1] to solve it.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache InLong",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
]Related
github
github
SQL injection in audit endpoint
2023-07-25 09:30:18
prion
prion
Sql injection
2023-07-25 08:15:00
osv
osv
CVE-2023-35088
2023-07-25 08:15:10
SQL injection in audit endpoint
2023-07-25 09:30:18
cve
cve
CVE-2023-35088
2023-07-25 08:15:10
veracode
veracode
SQL Injection
2023-07-26 03:04:28
nvd
nvd
CVE-2023-35088
2023-07-25 08:15:10