CVE-2023-31064

Name of the Vulnerable Software and Affected Versions Apache InLong versions 1.2.0 through 1.6.0

Description The issue affects Apache InLong, allowing a user to cancel an application that does not belong to them. This is related to the use of files and directories accessible to external parties due to incorrect restriction of the directory path name with limited access when loading files. Exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations For Apache InLong versions 1.2.0 through 1.6.0, users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve the issue. As a temporary workaround, consider restricting access to sensitive applications to minimize the risk of exploitation.