oss-sec mailing list archives
CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users
From: Charles Zhang <dockerzhang () apache org>
Date: Sun, 21 May 2023 08:19:26 +0000
Severity: important Affected versions: - Apache InLong 1.5.0 through 1.6.0 Description: Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 References: https://inlong.apache.org https://www.cve.org/CVERecord?id=CVE-2023-31101
Current thread:
- CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users Charles Zhang (May 21)