Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log records, making it harder to audit
and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8628
References
Link | Resource |
---|---|
https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543 | Mailing List |
Configurations
History
27 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628 | |
CWE | CWE-74 |
19 Oct 2023, 16:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:* | |
References | (MISC) https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543 - Mailing List | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Apache
Apache inlong |
16 Oct 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 09:15
Updated : 2024-09-27 12:15
NVD link : CVE-2023-43667
Mitre link : CVE-2023-43667
CVE.ORG link : CVE-2023-43667
JSON object : View
Products Affected
apache
- inlong
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')