Lucene search
ApacheCVELIST:CVE-2023-43667HistoryOct 16, 2023 - 8:08 a.m.
CVE-2023-43667 Apache InLong: Log Injection in Global functions
2023-10-1608:08:01
CWE-74
apache
www.cve.org
2
apache inlong
sql injection
security vulnerability
upgrade recommendation
EPSS
0.001
Percentile
38.5%
Improper Neutralization of Special Elements in Output Used by a Downstream Component (βInjectionβ) vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log records, making it harder to audit
and trace malicious activities.Β Users are advised to upgrade to Apache InLongβs 1.9.0 or cherry-pick [1] to solve it.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache InLong",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-43667 Apache InLong: Log Injection in Global functions
2023-10-16 08:08:01
veracode
veracode
SQL Injection
2023-10-17 08:05:30
github
github
SQL Injection in Apache InLong
2023-10-16 09:30:19
osv
osv
SQL Injection in Apache InLong
2023-10-16 09:30:19
cve
cve
CVE-2023-43667
2023-10-16 09:15:10
prion
prion
Sql injection
2023-10-16 09:15:00
nvd
nvd
CVE-2023-43667
2023-10-16 09:15:10