Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-43667

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628

Published

2023-10-16T09:15:10.500

Last Modified

2025-06-16T17:15:26.830

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	inlong	≤ 1.8.0	Yes

References

https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543 Mailing List ([email protected])
https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543 Mailing List (af854a3a-2127-422b-91ae-364da2661108)