PT-2023-9156 · Apache · Apache Inlong

X1R0Z

Published

2023-11-23

Updated

2025-05-16

CVE-2023-51784

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache InLong versions 1.5.0 through 1.9.0

Description The issue is related to an Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong, which could lead to Remote Code Execution. This vulnerability affects Apache InLong versions from 1.5.0 through 1.9.0.

Recommendations To solve the issue, users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick the solution provided in https://github.com/apache/inlong/pull/9329.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2024-04253

CVE-2023-51784

GHSA-9XG9-HH45-XCM6

Affected Products

Apache Inlong

PT-2023-9156 · Apache · Apache Inlong

CVE-2023-51784

Weakness Enumeration

Related Identifiers

Affected Products

References · 20