Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-35088


Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.  In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198


Published

2023-07-25T08:15:10.213

Last Modified

2025-02-13T17:16:39.580

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-89

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache inlong ≤ 1.7.0 Yes

References