Search results for "ApacheInlong" (32 matches found)

CVE-2023-30465 (added 2023/04/11 2:35 p.m., 218 views)

CVE-2023-30465 describes an SQL injection in Apache InLong (versions 1.4.0–1.5.0). The issue arises from improper neutralization of special elements in SQL commands, allowing manipulation of the orderType parameter to influence query ordering and potentially extract the username of the user with ...

CVSS 5.3 | AI score 5.8 | EPSS 0.01164

CVE-2022-40955 (added 2022/09/20 1:50 p.m., 100 views)

CVE-2022-40955 affects Apache InLong, prior to version 1.3.0. The vulnerability arises from unsafe deserialization of data received via the MySQL JDBC connection URL parameters, allowing an attacker with privileges to supply these parameters and write arbitrary data to the MySQL database to cause...

CVSS 8.8 | AI score 8.9 | EPSS 0.02059

CVE-2024-26579 (added 2024/05/08 3:06 p.m., 97 views)

CVE-2024-26579 is a Deserialization of Untrusted Data vulnerability in Apache InLong affecting 1.7.0–1.11.0. It can allow high-impact access to confidentiality, integrity, and availability (CVSS v3.1: 9.8). Remediation: upgrade to InLong 1.12.0 or cherry-pick PRs 9694 and 9707 as fix paths. Explo...

CVSS 9.8 | AI score 9.5 | EPSS 0.0113

CVE-2024-36268 (added 2024/08/02 9:44 a.m., 95 views)

Summary: Apache InLong versions 1.10.0–1.12.0 are affected by a Code Injection vulnerability that could enable Remote Code Execution. The root cause is improper control of code generation. Impact is described as remote execution with potential abuse of affected components (e.g., TubeMQ client). A...

CVSS 9.8 | AI score 7 | EPSS 0.01173

CVE-2024-26580 (added 2024/03/06 12:07 p.m., 92 views)

The CVE-2024-26580 issue affects Apache InLong 1.8.0–1.10.0 and is caused by deserialization of untrusted data, enabling a payload to read arbitrary files on the host. Impact is high confidentiality, with potential total control of data exposure per the sources. Remediation is to upgrade to InLon...

CVSS 9.1 | AI score 9.1 | EPSS 0.0122

CVE-2023-43667 (added 2023/10/16 8:08 a.m., 86 views)

CVE-2023-43667 affects Apache InLong (versions 1.4.0–1.8.0). The issue is an improper neutralization of special elements in output used by a downstream component, leading to injection that can create misleading or false log records and hinder auditing. Red Hat and other sources corroborate the vu...

CVSS 7.5 | AI score 7.4 | EPSS 0.01226

CVE-2023-24997 (added 2023/02/01 2:49 p.m., 85 views)

CVE-2023-24997 describes a Deserialization of Untrusted Data vulnerability in Apache InLong, affecting versions 1.1.0 through 1.5.0. The issue arises from insecure deserialization within InLong’s runtime, enabling arbitrary code execution in the application context. The publicly stated remediatio...

CVSS 9.8 | AI score 9.5 | EPSS 0.01409

CVE-2023-43666 (added 2023/10/16 8:08 a.m., 82 views)

CVE-2023-43666 concerns Apache InLong (versions 1.4.0–1.8.0) with Insufficient Verification of Data Authenticity, enabling a general user to view all user data (including admin data). The issue is documented across multiple sources and is addressed by upgrading to 1.9.0 or applying the provided p...

CVSS 6.5 | AI score 6.3 | EPSS 0.00432

CVE-2023-31098 (added 2023/05/22 3:31 p.m., 81 views)

CVE-2023-31098 concerns Apache InLong, affected in versions 1.1.0 through 1.6.0. The underlying issue is weak password requirements: the application does not enforce sufficient password complexity, enabling attackers to guess passwords and gain account access. The risk is described as a high impa...

CVSS 9.8 | AI score 9.5 | EPSS 0.01233

CVE-2023-27296 (added 2023/03/27 2:10 p.m., 78 views)

CVE-2023-27296 affects Apache InLong versions 1.1.0–1.5.0. The root cause is unsafe deserialization of untrusted data in the JDBC flow (notably MySQLDataNode), enabling potential code execution. Impact is high (CVSS 3.1 base score 8.8; Confidentiality, Integrity, Availability all High). A fix exi...

CVSS 8.8 | AI score 8.6 | EPSS 0.01475

CVE-2023-35088 (added 2023/07/25 7:10 a.m., 76 views)

CVE-2023-35088 affects Apache InLong versions 1.4.0–1.7.0. The root cause is in the toAuditCkSql method, where groupId, streamId, auditId, and dt are directly concatenated into the SQL query, enabling SQL injection. The vulnerability can impact confidentiality, integrity, and availability (CVSS v...

CVSS 9.8 | AI score 10 | EPSS 0.01193

CVE-2023-31101 (added 2023/05/22 3:17 p.m., 75 views)

CVE-2023-31101 affects Apache InLong 1.5.0–1.6.0 and allows users registered later to see data from deleted users due to insecure default initialization of resources. The vulnerability is categorized as an information disclosure issue; the publicly available fix is to upgrade to InLong 1.7.0 or c...

CVSS 6.5 | AI score 6.4 | EPSS 0.0111

CVE-2023-34434 (added 2023/07/25 7:09 a.m., 74 views)

CVE-2023-34434 affects Apache InLong (versions 1.4.0–1.7.0). It is a deserialization of untrusted data vulnerability that could bypass logic and read arbitrary files. The remediation is to upgrade to InLong 1.8.0 or apply the patch from PR 8130. Connected sources corroborate the affected versions...

CVSS 7.5 | AI score 7.5 | EPSS 0.01323

CVE-2023-51784 (added 2024/01/03 9:39 a.m., 72 views)

The CVE-2023-51784 entry describes an Improper Control of Generation of Code (Code Injection) vulnerability in Apache InLong Manager affecting InLong versions 1.5.0–1.9.0. Root cause is code injection allowing remote code execution. Impact per sources is high/critical (RCE) with network access an...

CVSS 9.8 | AI score 9.7 | EPSS 0.01723

CVE-2025-27526 (added 2025/05/28 8:07 a.m., 72 views)

CVE-2025-27526 affects Apache InLong versions 1.13.0 through 2.1.0 and is due to insecure deserialization of untrusted data, which can enable a JDBC URL-encoding/backspace bypass vulnerability. The issue’s remediation is to upgrade to InLong 2.2.0 or cherry-pick the confirmed fix from GitHub (PR ...

CVSS 6.5 | AI score 6.9 | EPSS 0.00671

CVE-2023-24977 (added 2023/02/01 9:09 a.m., 70 views)

CVE-2023-24977 is an Out-of-bounds Read vulnerability affecting Apache InLong versions 1.1.0 through 1.5.0. The Red Hat and CVE records describe it as an information-disclosure risk via an out-of-bounds read, with a remediation path to upgrade to the latest InLong release or to cherry-pick the pa...

CVSS 7.5 | AI score 7.5 | EPSS 0.0116

CVE-2023-34189 (added 2023/07/25 7:08 a.m., 70 views)

CVE-2023-34189 affects Apache InLong versions 1.4.0–1.7.0. The issue is a permission-check flaw that allows a general user to delete or update processes, which should be admin-only. Remediation is to upgrade to InLong 1.8.0 or apply the patch from PR #8109 (linked in sources). Connected sources c...

CVSS 6.5 | AI score 6.3 | EPSS 0.00933

CVE-2023-31058 (added 2023/05/22 12:54 p.m., 67 views)

Summary (CVE-2023-31058): Deserialization of untrusted data in Apache InLong (1.4.0–1.6.0) allows attackers to bypass the autoDeserialize filtering by inserting blanks. This can enable unintended behavior as described; no exploitation details are provided here. Impact: high likelihood of bypass o...

CVSS 7.5 | AI score 7.5 | EPSS 0.01228

CVE-2023-31064 (added 2023/05/22 3:44 p.m., 67 views)

CVE-2023-31064 affects Apache InLong 1.2.0–1.6.0. The issue stems from files/directories being accessible to external parties, allowing a user to cancel an application that does not belong to them. The root cause is improper restrictions on the directory path when loading files. Exploitation is p...

CVSS 7.5 | AI score 7.4 | EPSS 0.01247

CVE-2025-27528 (added 2025/05/28 8:12 a.m., 67 views)

CVE-2025-27528 describes a deserialization of untrusted data vulnerability in Apache InLong (versions 1.13.0–2.1.0) that can bypass InLong JDBC security and lead to arbitrary file reading. Public sources (Red Hat, NVD, and CVE records) consistently indicate the affected component as InLong JDBC a...

CVSS 9.1 | AI score 7.2 | EPSS 0.00576

CVE-2025-27531 (added 2025/06/06 2:55 p.m., 66 views)

Apache InLong (1.13.0–2.1.0) has a deserialization of untrusted data vulnerability that can allow an authenticated attacker to read arbitrary files by double writing a parameter. The issue stems from unsafe deserialization handling in the JDBC flow. A fixed version is 2.1.0; upgrade to 2.1.0 to m...

CVSS 9.8 | AI score 6.5 | EPSS 0.00576

CVE-2023-31453 (added 2023/05/22 1:25 p.m., 65 views)

CVE-2023-31453 is an incorrect permission assignment vulnerability in Apache InLong versions 1.2.0–1.6.0 that allows deleting other users’ subscriptions. The issue is introduced in the access control for subscriptions and is not present in 1.7.0+. Remediation: upgrade to InLong 1.7.0 or cherry-p...

CVSS 7.5 | AI score 7.5 | EPSS 0.01182

CVE-2025-27522 (added 2025/05/28 8:06 a.m., 65 views)

Technical details about CVE-2025-27522 are not publicly available in the provided documents. The entry notes affected versions and a fix in 2.2.0, but no further technical specifics are provided; monitor for updates.

CVSS 6.5 | AI score 6.8 | EPSS 0.00671

CVE-2023-31206 (added 2023/05/22 1:58 p.m., 63 views)

CVE-2023-31206 describes an Exposure of Resource to Wrong Sphere vulnerability affecting Apache InLong versions 1.4.0–1.6.0. The flaw allows an attacker to change the immutable name and type of InLong nodes due to exposure to the wrong sphere. Remediation across sources is to upgrade to InLong 1....

CVSS 7.5 | AI score 7.4 | EPSS 0.01247

CVE-2023-31454 (added 2023/05/22 1:23 p.m., 62 views)

CVE-2023-31454 affects Apache InLong versions 1.2.0–1.6.0. The root cause is an Incorrect Permission Assignment for a Critical Resource that allows a remote attacker to bind any cluster, even if not the cluster owner. The impact described is an elevation of privileges within InLong clusters; no e...

CVSS 7.5 | AI score 7.5 | EPSS 0.01182

CVE-2023-31066 (added 2023/05/22 3:35 p.m., 60 views)

CVE-2023-31066 affects Apache InLong versions 1.4.0–1.6.0. It enables different users to delete, edit, stop, and start others’ sources due to files/directories accessible to external parties. Remediation: upgrade to InLong 1.7.0 or cherry-pick PR #7775 (as referenced). If exploitation details are...

CVSS 9.1 | AI score 9.2 | EPSS 0.01355

CVE-2023-51785 (added 2024/01/03 9:36 a.m., 60 views)

Summary: CVE-2023-51785 affects Apache InLong (Manager) versions 1.7.0–1.9.0. The issue is a deserialization of untrusted data flaw that enables an arbitrary file read via the MySQL driver. Root cause and impact are described as a deserialization vulnerability enabling file reads; no exploitation...

CVSS 7.5 | AI score 7.4 | EPSS 0.01012

CVE-2023-31065 (added 2023/05/22 3:40 p.m., 56 views)

Apache InLong versions 1.4.0–1.6.0 are affected by an Insufficient Session Expiration vulnerability. An old session can be reused by an attacker even after the user is deleted or the password changed. Affected product: Apache InLong (1.4.0–1.6.0). Root cause: insufficient session expiration leadi...

CVSS 9.1 | AI score 9.3 | EPSS 0.01162

CVE-2023-43668 (added 2023/10/16 8:07 a.m., 56 views)

Affected product: Apache InLong (versions 1.4.0–1.8.0). Issue: Authorization Bypass Through User-Controlled Key; some sensitive parameter checks can be bypassed (e.g., autoDeserialize, allowLoadLocalInfile). Impact: high confidentiality, integrity, and availability exposure per CVSS. Remediation...

CVSS 9.8 | AI score 9.4 | EPSS 0.01009

CVE-2023-31103 (added 2023/05/22 3:13 p.m., 55 views)

CVE-2023-31103 describes an exposure of resource to wrong sphere vulnerability in Apache InLong, affecting versions 1.4.0–1.6.0. The issue allows attackers to change the immutable name and type of an InLong cluster, constituting an integrity risk. Remediation: upgrade to InLong 1.7.0 or cherry-pi...

CVSS 7.5 | AI score 7.4 | EPSS 0.01304

CVE-2023-46227 (added 2023/10/19 9:40 a.m., 53 views)

CVE-2023-46227 (InLong deserialization vulnerability): affects Apache InLong 1.4.0–1.8.0 due to unsafe deserialization of untrusted data. Exploitation could bypass security controls and lead to code execution or partial impact (integrity loss) per CVSS 3.1: High, vector NETWORK, low complexity, ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00969

CVE-2023-31062 (added 2023/05/22 3:47 p.m., 51 views)

CVE-2023-31062 documents an Apache InLong Privilege Escalation vulnerability (affected versions 1.2.0–1.6.0). The issue arises from improper privilege management, allowing an attacker who has a valid but unprivileged account to escalate privileges by sending a login request (e.g., via Burp Suite)...

CVSS 9.8 | AI score 9.6 | EPSS 0.01289