Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-35088
HistoryJul 25, 2023 - 8:15 a.m.

CVE-2023-35088

2023-07-2508:15:10
Google
osv.dev
2
cve-2023-35088
sql injection
apache inlong
software vulnerability
upgrade

AI Score

8.2

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

Improper Neutralization of Special Elements Used in an SQL Command (‘SQL Injection’) vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. 
In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks.
Users are advised to upgrade to Apache InLong’s 1.8.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8198

Related

github 1
osv 1
prion 1
cvelist 1
veracode 1
nvd 1
cve 1
github
github
SQL injection in audit endpoint
2023-07-25 09:30:18
osv
osv
SQL injection in audit endpoint
2023-07-25 09:30:18
prion
prion
Sql injection
2023-07-25 08:15:00
cvelist
cvelist
CVE-2023-35088 Apache InLong: SQL injection in audit endpoint
2023-07-25 07:10:19
veracode
veracode
SQL Injection
2023-07-26 03:04:28
nvd
nvd
CVE-2023-35088
2023-07-25 08:15:10
cve
cve
CVE-2023-35088
2023-07-25 08:15:10

AI Score

8.2

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON
Related for OSV:CVE-2023-35088
github1osv1prion1cvelist1veracode1nvd1cve1