cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-26579,https://securityvulnerability.io/vulnerability/CVE-2024-26579,Deserialization of Untrusted Data Vulnerability Affects Apache InLong,"Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707",Apache,Apache Inlong,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-08T15:06:23.829Z,0
CVE-2024-26580,https://securityvulnerability.io/vulnerability/CVE-2024-26580,Deserialization of Untrusted Data vulnerability in Apache InLong,"Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673",Apache,Apache Inlong,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-06T12:07:28.140Z,0
CVE-2023-51785,https://securityvulnerability.io/vulnerability/CVE-2023-51785,Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager,"A deserialization of untrusted data vulnerability exists in Apache InLong that allows attackers to perform arbitrary file read attacks via the MySQL driver. This affects versions 1.7.0 through 1.9.0 of the product. Users are strongly recommended to upgrade to version 1.10.0 of Apache InLong or apply relevant patches to mitigate this vulnerability, ensuring the integrity and security of their deployments.",Apache,Apache Inlong,7.5,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2024-01-03T10:15:00.000Z,0
CVE-2023-51784,https://securityvulnerability.io/vulnerability/CVE-2023-51784,Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager,"A vulnerability exists in Apache InLong due to improper control of code generation, which may lead to remote code execution. This issue affects versions from 1.5.0 to 1.9.0, allowing malicious actors to exploit the code injection flaw if proper security measures are not in place. Users are strongly encouraged to upgrade to Apache InLong version 1.10.0 to address these security concerns. For a patch, users should refer to the update available in the project's repository.",Apache,Apache InLong,9.8,CRITICAL,0.004840000066906214,false,,false,false,false,,,false,false,,2024-01-03T10:15:00.000Z,0
CVE-2023-46227,https://securityvulnerability.io/vulnerability/CVE-2023-46227,Apache inlong has an Arbitrary File Read Vulnerability,"A deserialization vulnerability in Apache InLong allows attackers to bypass security mechanisms. This issue affects versions 1.4.0 to 1.8.0, enabling potential exploitation through untrusted data. It is recommended that users upgrade to version 1.9.0 or implement the fix identified in pull request 8814 to mitigate risks.",Apache,Apache Inlong,7.5,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2023-10-19T10:15:00.000Z,0
CVE-2023-43668,https://securityvulnerability.io/vulnerability/CVE-2023-43668,Apache InLong: Jdbc Connection Security Bypass in InLong,"An Authorization Bypass vulnerability in Apache InLong versions 1.4.0 to 1.8.0 allows attackers to bypass checks on sensitive parameters, such as 'autoDeserialize' and 'allowLoadLocalInfile'. This issue can lead to unauthorized access or manipulation of data. Users are strongly advised to upgrade to Apache InLong version 1.9.0 or apply necessary patches to rectify this security gap. For further information and resolution, reference the Apache public advisory.",Apache,Apache Inlong,9.8,CRITICAL,0.05177000164985657,false,,false,false,false,,,false,false,,2023-10-16T09:15:00.000Z,0
CVE-2023-43667,https://securityvulnerability.io/vulnerability/CVE-2023-43667,Apache InLong: Log Injection in Global functions,"An injection vulnerability in Apache InLong affects versions from 1.4.0 to 1.8.0, allowing attackers to manipulate log records. This manipulation can obscure malicious activities, complicating the audit and tracing processes. Users should upgrade to Apache InLong version 1.9.0 to address this issue.",Apache,Apache Inlong,7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2023-10-16T09:15:00.000Z,0
CVE-2023-43666,https://securityvulnerability.io/vulnerability/CVE-2023-43666,Apache InLong: General user Unauthorized access User Management,"Insufficient Verification of Data Authenticity vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8623",Apache,Apache Inlong,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-10-16T09:15:00.000Z,0
CVE-2023-35088,https://securityvulnerability.io/vulnerability/CVE-2023-35088,Apache InLong: SQL injection in audit endpoint,"An SQL Injection vulnerability exists in Apache InLong versions 1.4.0 through 1.7.0 due to improper handling of special elements in SQL commands. The method toAuditCkSql improperly concatenates parameters such as groupId, streamId, auditId, and dt into SQL queries. This oversight may expose the application to SQL injection attacks, allowing attackers to manipulate SQL statements and potentially gain unauthorized access to the database. Users are strongly recommended to upgrade to version 1.8.0 to address this issue effectively.",Apache,Apache Inlong,9.8,CRITICAL,0.009960000403225422,false,,false,false,false,,,false,false,,2023-07-25T08:15:00.000Z,0
CVE-2023-34434,https://securityvulnerability.io/vulnerability/CVE-2023-34434,Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param,"A deserialization vulnerability exists in Apache InLong versions 1.4.0 to 1.7.0, allowing attackers to bypass application logic and read arbitrary files. To mitigate this risk, users are strongly advised to upgrade to version 1.8.0 or to apply the relevant patch from the Apache GitHub repository. Maintaining updated software is crucial in protecting against potential exploits associated with this vulnerability.",Apache,Apache Inlong,7.5,HIGH,0.0025599999353289604,false,,false,false,false,,,false,false,,2023-07-25T08:15:00.000Z,0
CVE-2023-34189,https://securityvulnerability.io/vulnerability/CVE-2023-34189,Apache InLong: General user can delete and update process,"Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.",Apache,Apache Inlong,6.5,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2023-07-25T08:15:00.000Z,0
CVE-2023-31098,https://securityvulnerability.io/vulnerability/CVE-2023-31098,Apache InLong: Weak Password Implementation in InLong,"The Apache InLong application has a weakness in its password creation policy, allowing users to set simple passwords that can be easily guessed by attackers. This vulnerability affects versions 1.1.0 through 1.6.0. Users are strongly encouraged to upgrade to version 1.7.0 or manually apply recommended patches to ensure better account security.",Apache,Apache Inlong,9.8,CRITICAL,0.07999999821186066,false,,false,false,false,,,false,false,,2023-05-22T16:15:00.000Z,0
CVE-2023-31101,https://securityvulnerability.io/vulnerability/CVE-2023-31101,Apache InLong: Users who joined later can see the data of deleted users,"Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.",Apache,Apache Inlong,6.5,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2023-05-22T16:15:00.000Z,0
CVE-2023-31103,https://securityvulnerability.io/vulnerability/CVE-2023-31103,Apache InLong: Attackers can change the immutable name and type of cluster,"The vulnerability in Apache InLong allows attackers to alter the immutable names and types of clusters, leading to potential misconfigurations and unauthorized access. Affected versions include Apache InLong from 1.4.0 to 1.6.0, and it is strongly recommended for users to upgrade to version 1.7.0 or apply the necessary patches to mitigate this security issue.",Apache,Apache Inlong,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2023-05-22T16:15:00.000Z,0
CVE-2023-31065,https://securityvulnerability.io/vulnerability/CVE-2023-31065,Apache InLong: Insufficient Session Expiration in InLong,"The Insufficient Session Expiration vulnerability in Apache InLong allows attackers to exploit old sessions even after a user account is deleted or the password is changed. This can lead to unauthorized access and compromise user security. Users are encouraged to upgrade to version 1.7.0 or implement the required changes as noted in the pull requests provided by the Apache Software Foundation to mitigate this issue.",Apache,Apache Inlong,9.1,CRITICAL,0.005030000116676092,false,,false,false,false,,,false,false,,2023-05-22T16:15:00.000Z,0
CVE-2023-31064,https://securityvulnerability.io/vulnerability/CVE-2023-31064,Apache InLong: Insecure direct object references cancelling applications,"A vulnerability in Apache InLong versions 1.2.0 through 1.6.0 allows users to cancel applications that do not belong to them, which could expose sensitive files or directories to unauthorized external access. Users are strongly advised to upgrade to version 1.7.0 or apply the specific fix as outlined in the GitHub pull request provided by Apache to mitigate this issue. Ensuring your software is up-to-date is critical for maintaining the security of your systems.",Apache,Apache Inlong,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2023-05-22T16:15:00.000Z,0
CVE-2023-31062,https://securityvulnerability.io/vulnerability/CVE-2023-31062,Apache InLong: Privilege escalation vulnerability for InLong,"A vulnerability exists in Apache InLong that enables unauthorized access through improper privilege management. Attackers with valid yet unprivileged accounts can exploit this weakness to execute malicious actions by manipulating login requests and using session cookies. To mitigate this issue, it is crucial for users to upgrade to version 1.7.0 or apply the patch available on GitHub.",Apache,Apache Inlong,9.8,CRITICAL,0.07999999821186066,false,,false,false,false,,,false,false,,2023-05-22T16:15:00.000Z,0
CVE-2023-31066,https://securityvulnerability.io/vulnerability/CVE-2023-31066,Apache InLong: Insecure direct object references for inlong sources,"A vulnerability has been identified in Apache InLong that enables different users to inadvertently interact with and manipulate the sources of others. Specifically, users operating on versions ranging from 1.4.0 to 1.6.0 can delete, edit, stop, or start the data sources belonging to other users. This lack of proper access controls raises significant security concerns regarding user data integrity and system stability. To mitigate this issue, users are urged to upgrade to version 1.7.0 or apply the necessary fixes as detailed in the provided GitHub pull request.",Apache,Apache Inlong,9.1,CRITICAL,0.003280000062659383,false,,false,false,false,,,false,false,,2023-05-22T16:15:00.000Z,0
CVE-2023-31454,https://securityvulnerability.io/vulnerability/CVE-2023-31454,Apache InLong: IDOR make users can bind any cluster,"A vulnerability exists in Apache InLong that allows unauthorized users to bind any cluster within the system, regardless of their ownership status. This improper permission assignment affects versions 1.2.0 through 1.6.0 of Apache InLong, posing a potential risk to cluster integrity. Users are strongly encouraged to upgrade to version 1.7.0 or apply appropriate patches to mitigate this issue effectively.",Apache,Apache Inlong,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2023-05-22T14:15:00.000Z,0
CVE-2023-31453,https://securityvulnerability.io/vulnerability/CVE-2023-31453,Apache InLong: IDOR make users can delete others' subscription,"The vulnerability in Apache InLong arises from improper permission assignment, enabling attackers to delete subscriptions owned by other users. This flaw affects Apache InLong versions 1.2.0 through 1.6.0. Users are strongly recommended to upgrade to Apache InLong version 1.7.0 or apply appropriate patches to safeguard against potential exploitation. Details regarding the fix can be found in the official Apache GitHub repository.",Apache,Apache Inlong,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2023-05-22T14:15:00.000Z,0
CVE-2023-31206,https://securityvulnerability.io/vulnerability/CVE-2023-31206,Apache InLong: Attackers can change the immutable name and type of nodes,"The vulnerability in Apache InLong allows attackers to change the immutable name and type of nodes, potentially leading to unauthorized access to resources. Users running Apache InLong versions from 1.4.0 to 1.6.0 are advised to upgrade to version 1.7.0 or apply specific patches to mitigate this issue.",Apache,Apache Inlong,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2023-05-22T14:15:00.000Z,0
CVE-2023-31058,https://securityvulnerability.io/vulnerability/CVE-2023-31058,Apache InLong: JDBC URL bypassing by adding blanks,"The vulnerability in Apache InLong allows attackers to bypass the 'autoDeserialize' option filtering by inserting blank spaces. This exploit can lead to potential malicious payload execution. Users are strongly encouraged to upgrade to Apache InLong version 1.7.0 or apply relevant patches to mitigate the risk. For more details, refer to the vendor advisory.",Apache,Apache Inlong,7.5,HIGH,0.0017300000181421638,false,,false,false,false,,,false,false,,2023-05-22T13:15:00.000Z,0
CVE-2023-30465,https://securityvulnerability.io/vulnerability/CVE-2023-30465,Apache InLong: SQL injection in apache inLong 1.5.0,"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the ""orderType"" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the ""user"" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529",Apache,Apache Inlong,5.3,MEDIUM,0.001769999973475933,false,,false,false,false,,,false,false,,2023-04-11T15:15:00.000Z,0
CVE-2023-27296,https://securityvulnerability.io/vulnerability/CVE-2023-27296,Apache InLong: JDBC Deserialization Vulnerability in InLong,"A deserialization of untrusted data vulnerability has been identified in Apache InLong, which could be exploited by authenticated users. This flaw allows attackers to potentially manipulate serialized data, leading to unpredictable behavior in the application. It is crucial for users operating versions from 1.1.0 to 1.5.0 to update to the latest version to mitigate these risks. For those unable to upgrade immediately, cherry-picking the patch from the official GitHub repository is recommended to address the vulnerability efficiently.",Apache,Apache Inlong,8.8,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-24997,https://securityvulnerability.io/vulnerability/CVE-2023-24997,Apache InLong: Jdbc Connection Security Bypass,"A deserialization of untrusted data vulnerability exists in Apache InLong versions 1.1.0 to 1.5.0, which could potentially allow attackers to execute malicious code. Users are encouraged to upgrade to the latest version or apply a patch available in the GitHub repository to mitigate this vulnerability.",Apache,Apache InLong,9.8,CRITICAL,0.19227999448776245,false,,false,false,false,,,false,false,,2023-02-01T15:15:00.000Z,0