VYPR

Maven package

org.apache.inlong/manager-pojo

pkg:maven/org.apache.inlong/manager-pojo

Vulnerabilities (17)

  • CVE-2025-27528 (May 28, 2025)
    affected >= 1.13.0, < 2.2.0; fixed 2.2.0

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade

  • CVE-2025-27526 (May 28, 2025)
    affected >= 1.13.0, < 2.2.0; fixed 2.2.0

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability can lead to a JDBC vulnerability via URLEncode and backspace bypass. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-

  • CVE-2025-27522 (May 28, 2025)
    affected >= 1.13.0, < 2.2.0; fixed 2.2.0

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it

  • CVE-2024-26579 (May 8, 2024)
    affected >= 1.7.0, < 1.12.0; fixed 1.12.0

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0; the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1]

  • CVE-2023-51784 (Jan 3, 2024)
    affected >= 1.5.0, < 1.10.0; fixed 1.10.0

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.

  • CVE-2023-51785 (Jan 3, 2024)
    affected >= 1.5.0, < 1.10.0; fixed 1.10.0

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0; the attackers can make an arbitrary file read attack using the MySQL driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve

  • CVE-2023-46227 (Oct 19, 2023)
    affected >= 1.4.0, < 1.9.0; fixed 1.9.0

    Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1]

  • CVE-2023-43668 (Oct 16, 2023)
    affected >= 1.4.0, < 1.9.0; fixed 1.9.0

    Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0; some sensitive params checks will be bypassed, like "autoDeserialize", "allowLoadLocalInfile", etc. Users are advised to upgrade to A

  • CVE-2023-34434 (Jul 25, 2023)
    affected >= 1.4.0, < 1.8.0; fixed 1.8.0

    Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to A

  • CVE-2023-31062 (May 22, 2023)
    affected >= 1.2.0, < 1.7.0; fixed 1.7.0

    Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a log

  • CVE-2023-31065 (May 22, 2023)
    affected >= 1.4.0, < 1.7.0; fixed 1.7.0

    Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are ad

  • CVE-2023-31098 (May 22, 2023)
    affected >= 1.1.0, < 1.47.0; fixed 1.47.0

    Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password

  • CVE-2023-31101 (May 22, 2023)
    affected >= 1.5.0, < 1.7.0; fixed 1.7.0

    Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLon

  • CVE-2023-31103 (May 22, 2023)
    affected >= 1.4.0, < 1.7.0; fixed 1.7.0

    Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0

  • CVE-2023-31206 (May 22, 2023)
    affected >= 1.4.0, < 1.7.0; fixed 1.7.0

    Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or

  • CVE-2023-31058 (May 22, 2023)
    affected >= 1.4.0, < 1.7.0; fixed 1.7.0

    Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's

  • CVE-2023-30465 (Apr 11, 2023)
    affected >= 1.4.0, < 1.6.0; fixed 1.6.0

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned co