oss-sec mailing list archives
CVE-2023-43667: Apache InLong: Log Injection in Global functions
From: Charles Zhang <dockerzhang () apache org>
Date: Mon, 16 Oct 2023 01:51:39 +0000
Severity: moderate Affected versions: - Apache InLong 1.4.0 through 1.8.0 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628 References: https://inlong.apache.org https://www.cve.org/CVERecord?id=CVE-2023-43667
Current thread:
- CVE-2023-43667: Apache InLong: Log Injection in Global functions Charles Zhang (Oct 15)