Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.inlong/manager-service@1.7.0
Type maven
Namespace org.apache.inlong
Name manager-service
Version 1.7.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.8.0
Latest_non_vulnerable_version 1.8.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-19bg-p9mx-r7gg
vulnerability_id VCID-19bg-p9mx-r7gg
summary Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 to solve it.
references
0
reference_url https://github.com/apache/inlong/pull/7775
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7775
1
reference_url https://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf
reference_id
reference_type
scores
url https://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31066
reference_id CVE-2023-31066
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31066
3
reference_url https://github.com/advisories/GHSA-wx79-r3q8-fq9h
reference_id GHSA-wx79-r3q8-fq9h
reference_type
scores
url https://github.com/advisories/GHSA-wx79-r3q8-fq9h
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31066, GHSA-wx79-r3q8-fq9h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19bg-p9mx-r7gg
1
url VCID-242d-6bdt-9kbv
vulnerability_id VCID-242d-6bdt-9kbv
summary
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 to solve it.
references
0
reference_url https://github.com/apache/inlong/pull/7836
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7836
1
reference_url https://github.com/apache/inlong/pull/7884
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7884
2
reference_url https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf
reference_id
reference_type
scores
url https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31065
reference_id CVE-2023-31065
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31065
4
reference_url https://github.com/advisories/GHSA-757p-7hp5-pqmr
reference_id GHSA-757p-7hp5-pqmr
reference_type
scores
url https://github.com/advisories/GHSA-757p-7hp5-pqmr
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31065, GHSA-757p-7hp5-pqmr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-242d-6bdt-9kbv
2
url VCID-35x3-1q7f-eqcb
vulnerability_id VCID-35x3-1q7f-eqcb
summary
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.
references
0
reference_url https://github.com/apache/inlong/pull/7836
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7836
1
reference_url https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0
reference_id
reference_type
scores
url https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31062
reference_id CVE-2023-31062
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31062
3
reference_url https://github.com/advisories/GHSA-q5p5-xg93-2jqc
reference_id GHSA-q5p5-xg93-2jqc
reference_type
scores
url https://github.com/advisories/GHSA-q5p5-xg93-2jqc
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31062, GHSA-q5p5-xg93-2jqc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35x3-1q7f-eqcb
3
url VCID-dzjh-b3km-jycq
vulnerability_id VCID-dzjh-b3km-jycq
summary Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.
references
0
reference_url https://github.com/apache/inlong/pull/7836
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7836
1
reference_url https://lists.apache.org/thread/shvwwr6toqz5rr39rwh4k03z08sh9jmr
reference_id
reference_type
scores
url https://lists.apache.org/thread/shvwwr6toqz5rr39rwh4k03z08sh9jmr
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31101
reference_id CVE-2023-31101
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31101
3
reference_url https://github.com/advisories/GHSA-h79m-5cm2-278c
reference_id GHSA-h79m-5cm2-278c
reference_type
scores
url https://github.com/advisories/GHSA-h79m-5cm2-278c
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31101, GHSA-h79m-5cm2-278c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzjh-b3km-jycq
4
url VCID-phe3-ctkw-jfaw
vulnerability_id VCID-phe3-ctkw-jfaw
summary
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.
references
0
reference_url https://github.com/apache/inlong/pull/7891
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7891
1
reference_url https://lists.apache.org/thread/bv51zhjookcnfbz8b0xsl9wv78sn0j1p
reference_id
reference_type
scores
url https://lists.apache.org/thread/bv51zhjookcnfbz8b0xsl9wv78sn0j1p
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31103
reference_id CVE-2023-31103
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31103
3
reference_url https://github.com/advisories/GHSA-7mhc-76hf-3jp9
reference_id GHSA-7mhc-76hf-3jp9
reference_type
scores
url https://github.com/advisories/GHSA-7mhc-76hf-3jp9
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31103, GHSA-7mhc-76hf-3jp9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phe3-ctkw-jfaw
5
url VCID-qfyn-8g2m-ryct
vulnerability_id VCID-qfyn-8g2m-ryct
summary
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/7891
references
0
reference_url https://github.com/apache/inlong/pull/7891
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7891
1
reference_url https://lists.apache.org/thread/qb7zffo785wzpmsobjqcypodngw6kg6x
reference_id
reference_type
scores
url https://lists.apache.org/thread/qb7zffo785wzpmsobjqcypodngw6kg6x
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31206
reference_id CVE-2023-31206
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31206
3
reference_url https://github.com/advisories/GHSA-f475-jgg3-3jwc
reference_id GHSA-f475-jgg3-3jwc
reference_type
scores
url https://github.com/advisories/GHSA-f475-jgg3-3jwc
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31206, GHSA-f475-jgg3-3jwc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfyn-8g2m-ryct
6
url VCID-rcbv-vgws-ykb5
vulnerability_id VCID-rcbv-vgws-ykb5
summary
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/7947
references
0
reference_url https://github.com/apache/inlong/pull/7947
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7947
1
reference_url https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl
reference_id
reference_type
scores
url https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31454
reference_id CVE-2023-31454
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31454
3
reference_url https://github.com/advisories/GHSA-rf76-whgp-fp56
reference_id GHSA-rf76-whgp-fp56
reference_type
scores
url https://github.com/advisories/GHSA-rf76-whgp-fp56
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31454, GHSA-rf76-whgp-fp56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcbv-vgws-ykb5
7
url VCID-yajh-8gux-3bfe
vulnerability_id VCID-yajh-8gux-3bfe
summary
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/7949
references
0
reference_url https://github.com/apache/inlong/pull/7949
reference_id
reference_type
scores
url https://github.com/apache/inlong/pull/7949
1
reference_url https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06
reference_id
reference_type
scores
url https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31453
reference_id CVE-2023-31453
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31453
3
reference_url https://github.com/advisories/GHSA-8rjh-3mhm-966q
reference_id GHSA-8rjh-3mhm-966q
reference_type
scores
url https://github.com/advisories/GHSA-8rjh-3mhm-966q
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31453, GHSA-8rjh-3mhm-966q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yajh-8gux-3bfe
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0