Lucene search

[email protected]NVD:CVE-2023-43667

HistoryOct 16, 2023 - 9:15 a.m.

CVE-2023-43667

2023-10-1609:15:10

CWE-74

[email protected]

web.nvd.nist.gov

vulnerability

sql injection

apache inlong

upgrade

security

audit

trace

malicious activities

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.5%

JSON

Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log records, making it harder to audit
and trace malicious activities. Users are advised to upgrade to Apache InLong’s 1.9.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8628

Affected configurations

Nvd

Node

apacheinlongRange1.4.0–1.8.0

VendorProductVersionCPE
apacheinlong*cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	inlong	*	cpe:2.3:a:apache:inlong::::::::

References

lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.5%

JSON

Related for NVD:CVE-2023-43667

vulnrichment1 cvelist1 veracode1 github1 osv1 cve1 prion1