Critical severityNVD Advisory· Published Jul 25, 2023· Updated Feb 13, 2025
Apache InLong: SQL injection in audit endpoint
CVE-2023-35088
Description
Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8198
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.inlong:manager-serviceMaven | >= 1.4.0, < 1.8.0 | 1.8.0 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-r5pv-7g89-cxmcghsaADVISORY
- lists.apache.org/thread/os7b66x4n8dbtrdpb7c6x37bb1vjb0tkghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-35088ghsaADVISORY
- seclists.org/fulldisclosure/2023/Jul/43ghsaWEB
- www.openwall.com/lists/oss-security/2023/07/25/4ghsaWEB
- github.com/apache/inlong/commit/cab63a8eea6c0f4bf3d30ce245b7e1beee42504dghsaWEB
- github.com/apache/inlong/pull/8198ghsaWEB
News mentions
0No linked articles in our index yet.