Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-31066 Files or Directories Accessible to External Parties vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0.
network
low complexity
apache CWE-552
critical
9.1
2023-05-22 CVE-2023-31098 Weak Password Requirements vulnerability in Apache Inlong
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.
network
low complexity
apache CWE-521
critical
9.8
2023-05-22 CVE-2023-31101 Insecure Default Initialization of Resource vulnerability in Apache Inlong 1.5.0/1.6.0
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0.
network
low complexity
apache CWE-1188
6.5
2023-05-22 CVE-2023-31103 Exposure of Resource to Wrong Sphere vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.
network
low complexity
apache CWE-668
7.5
2023-05-22 CVE-2023-31206 Exposure of Resource to Wrong Sphere vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong.
network
low complexity
apache CWE-668
7.5
2023-05-22 CVE-2023-31453 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Inlong
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0.
network
low complexity
apache CWE-732
7.5
2023-05-22 CVE-2023-31454 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Inlong
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner.
network
low complexity
apache CWE-732
7.5
2023-05-22 CVE-2023-31058 Deserialization of Untrusted Data vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0.
network
low complexity
apache CWE-502
7.5
2023-05-22 CVE-2023-28709 Off-by-one Error vulnerability in multiple products
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87.
network
low complexity
apache debian netapp CWE-193
7.5
2023-05-15 CVE-2022-47937 Improper Input Validation vulnerability in Apache Sling Commons Json
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore.
network
low complexity
apache CWE-20
critical
9.8