CVE-2023-43668
CVSS V2 None
CVSS V3 None
Description
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile"....
.
Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8604
Overview
- CVE ID
- CVE-2023-43668
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-10-16T08:07:42.681Z
- Last Modified Date
- 2023-11-14T10:01:09.463Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/16gtk7rpdm1rof075ro83fkrnhbzn5sh | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-43668 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43668 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 15:45:47 | Added to TrackCVE |