Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.inlong/manager-pojo@1.5.0

Type maven

Namespace org.apache.inlong

Name manager-pojo

Version 1.5.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.6.0

Latest_non_vulnerable_version 1.47.0

Affected_by_vulnerabilities

url VCID-cxqk-swjn-ruaq

vulnerability_id VCID-cxqk-swjn-ruaq

summary

Apache InLong Manager Remote Code Execution vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.

[1]  https://github.com/apache/inlong/pull/9329

references

reference_url	https://github.com/apache/inlong
reference_id
reference_type
scores
url	https://github.com/apache/inlong

reference_url	https://github.com/apache/inlong/commit/1607837be28438c0ccae8da15afb653f2afed090
reference_id
reference_type
scores
url	https://github.com/apache/inlong/commit/1607837be28438c0ccae8da15afb653f2afed090

reference_url	https://github.com/apache/inlong/pull/9329
reference_id
reference_type
scores
url	https://github.com/apache/inlong/pull/9329

reference_url	https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j
reference_id
reference_type
scores
url	https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-51784
reference_id	CVE-2023-51784
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-51784

reference_url	https://github.com/advisories/GHSA-9xg9-hh45-xcm6
reference_id	GHSA-9xg9-hh45-xcm6
reference_type
scores
url	https://github.com/advisories/GHSA-9xg9-hh45-xcm6

fixed_packages

url	pkg:maven/org.apache.inlong/manager-pojo@1.10.0
purl	pkg:maven/org.apache.inlong/manager-pojo@1.10.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.10.0

aliases CVE-2023-51784, GHSA-9xg9-hh45-xcm6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxqk-swjn-ruaq

url VCID-dzjh-b3km-jycq

vulnerability_id VCID-dzjh-b3km-jycq

summary Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.

references

reference_url	https://github.com/apache/inlong/pull/7836
reference_id
reference_type
scores
url	https://github.com/apache/inlong/pull/7836

reference_url	https://lists.apache.org/thread/shvwwr6toqz5rr39rwh4k03z08sh9jmr
reference_id
reference_type
scores
url	https://lists.apache.org/thread/shvwwr6toqz5rr39rwh4k03z08sh9jmr

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-31101
reference_id	CVE-2023-31101
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-31101

reference_url	https://github.com/advisories/GHSA-h79m-5cm2-278c
reference_id	GHSA-h79m-5cm2-278c
reference_type
scores
url	https://github.com/advisories/GHSA-h79m-5cm2-278c

fixed_packages

url	pkg:maven/org.apache.inlong/manager-pojo@1.7.0
purl	pkg:maven/org.apache.inlong/manager-pojo@1.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.7.0

aliases CVE-2023-31101, GHSA-h79m-5cm2-278c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzjh-b3km-jycq

url VCID-qvta-52a2-tqcm

vulnerability_id VCID-qvta-52a2-tqcm

summary

Apache InLong Manager Arbitrary File Read Vulnerability
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.

[1]  https://github.com/apache/inlong/pull/9331

references

reference_url	https://github.com/apache/inlong
reference_id
reference_type
scores
url	https://github.com/apache/inlong

reference_url	https://github.com/apache/inlong/commit/d674bfe28416aff728eabafc1f6b8bb9ba5a5b8e
reference_id
reference_type
scores
url	https://github.com/apache/inlong/commit/d674bfe28416aff728eabafc1f6b8bb9ba5a5b8e

reference_url	https://github.com/apache/inlong/pull/9331
reference_id
reference_type
scores
url	https://github.com/apache/inlong/pull/9331

reference_url	https://lists.apache.org/thread/g0yjmtjqvp8bnf1j0tdsk0nhfozjdjno
reference_id
reference_type
scores
url	https://lists.apache.org/thread/g0yjmtjqvp8bnf1j0tdsk0nhfozjdjno

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-51785
reference_id	CVE-2023-51785
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-51785

reference_url	https://github.com/advisories/GHSA-crwj-2r3c-gx2g
reference_id	GHSA-crwj-2r3c-gx2g
reference_type
scores
url	https://github.com/advisories/GHSA-crwj-2r3c-gx2g

fixed_packages

url	pkg:maven/org.apache.inlong/manager-pojo@1.10.0
purl	pkg:maven/org.apache.inlong/manager-pojo@1.10.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.10.0

aliases CVE-2023-51785, GHSA-crwj-2r3c-gx2g

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvta-52a2-tqcm

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.5.0

Package Instance