PT-2023-28911 · Apache · Apache Inlong

Jayway · Published 2023-10-16 · Updated 2025-06-16 · CVE-2023-43667

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Apache InLong versions 1.4.0 through 1.8.0

Description

The issue affects Apache InLong, allowing an attacker to create misleading or false log records. This makes it harder to audit and trace malicious activities. The estimated number of potentially affected devices is not provided.

Recommendations

To solve the issue, users are advised to upgrade to Apache InLong 1.9.0. As a temporary workaround, consider restricting access to log records until a patch is available. For versions prior to 1.9.0, cherry-pick https://github.com/apache/inlong/pull/8628 to solve the issue.

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related identifiers

CVE-2023-43667
GHSA-FPCF-QR79-HJQP

Affected products

Apache Inlong