Critical severityNVD Advisory· Published Oct 16, 2023· Updated Sep 16, 2024
Apache InLong: Jdbc Connection Security Bypass in InLong
CVE-2023-43668
Description
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile"....
.
Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8604
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.inlong:manager-pojoMaven | >= 1.4.0, < 1.9.0 | 1.9.0 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-rp6x-ggw6-8g56ghsaADVISORY
- lists.apache.org/thread/16gtk7rpdm1rof075ro83fkrnhbzn5shghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-43668ghsaADVISORY
- github.com/apache/inlong/commit/46c4e96a84839bd540f47c659c9d8576e393da02ghsaWEB
- github.com/apache/inlong/pull/8604ghsaWEB
News mentions
0No linked articles in our index yet.