7 matches found

Veracode
added 2024/01/04 12:28 p.m., 18 views

Arbitrary File Read

org.apache.inlong: manager-pojo is vulnerable to Arbitrary File Read. The vulnerability is caused by a lack of validation when deserializing untrusted data. An attacker can perform an arbitrary file read using mysql driver...

CVSS 7.5 | AI score 7.1 | EPSS 0.00307
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2023/10/23 9:42 a.m., 19 views

Deserialization Of Untrusted Data

org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the filterSensitive function in MySQLSinkDTO.java not properly sanitizing whitespace characters, especially the horizontal tab \t, in URL parameters, which allows these characters to bypass...

CVSS 7.5 | AI score 8.2 | EPSS 0.00043
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2023/10/17 8:9 p.m., 16 views

Information Disclosure

org.apache.inlong: manager-web is vulnerable to Information Disclosure. The vulnerability is due to the list and getByName functions in UserController.java lacking Role-Based Access Control. This allows any authenticated user to access data that is meant for admin, regardless of their role...

CVSS 6.5 | AI score 6.7 | EPSS 0.00537
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2023/05/26 3:54 a.m., 19 views

Privilege Escalation

org.apache.inlong is vulnerable to Privilege Escalation. The vulnerability exists because the library does not properly remove the permission when deleting a user, allowing an attacker with a valid but unprivileged account to send malicious login requests and follow them with a subsequent HTTP...

CVSS 9.8 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 3 | Affected Software: 4
Veracode
added 2023/05/26 2:15 a.m., 23 views

Insecure Direct Object References (IDOR)

org.apache.inlong is vulnerable to Insecure Direct Object References (IDOR). The vulnerability exists due to a lack of permission verification for stream sources, which allows an attacker to access files or directories of external users and delete, edit, stop, and start others' sources...

CVSS 9.1 | AI score 6.6 | EPSS 0.00455
Exploits: 0 | References: 3 | Affected Software: 2
Veracode
added 2023/04/12 9:29 a.m., 26 views

SQL Injection

org.apache.inlong: manager-service is vulnerable to SQL Injection attacks. A specially crafted attack statement passed through the orderType parameter in InlongGroupServiceImpl.java allows a malicious user to inject and execute arbitrary SQL queries on the target system...

CVSS 5.3 | AI score 6.8 | EPSS 0.00608
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2023/02/02 6:11 a.m., 16 views

Out-Of-Bounds Read

org.apache.inlong: manager-pojo is vulnerable to Out-Of-Bounds Reads. An out-of-bounds read vulnerability exists in MySQLSinkDTO.java, which may lead to exfiltration of memory resulting in disclosure of sensitive information...

CVSS 7.5 | AI score 7 | EPSS 0.00894
Exploits: 0 | References: 3 | Affected Software: 1