Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.inlong/manager-service@1.2.0
Typemaven
Namespaceorg.apache.inlong
Namemanager-service
Version1.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.6.0
Latest_non_vulnerable_version1.8.0
Affected_by_vulnerabilities
0
url VCID-35x3-1q7f-eqcb
vulnerability_id VCID-35x3-1q7f-eqcb
summary 
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login
request and following it with a subsequent HTTP request
using the returned cookie.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.
references
0
reference_url https://github.com/apache/inlong
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong
1
reference_url https://github.com/apache/inlong/pull/7836
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7836
2
reference_url https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31062
reference_id CVE-2023-31062
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31062
4
reference_url https://github.com/advisories/GHSA-q5p5-xg93-2jqc
reference_id GHSA-q5p5-xg93-2jqc
reference_type
scores
url https://github.com/advisories/GHSA-q5p5-xg93-2jqc
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31062, GHSA-q5p5-xg93-2jqc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35x3-1q7f-eqcb
1
url VCID-rcbv-vgws-ykb5
vulnerability_id VCID-rcbv-vgws-ykb5
summary 
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. 

The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1]

 https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947
references
0
reference_url https://github.com/apache/inlong
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong
1
reference_url https://github.com/apache/inlong/pull/7947
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7947
2
reference_url https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31454
reference_id CVE-2023-31454
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31454
4
reference_url https://github.com/advisories/GHSA-rf76-whgp-fp56
reference_id GHSA-rf76-whgp-fp56
reference_type
scores
url https://github.com/advisories/GHSA-rf76-whgp-fp56
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31454, GHSA-rf76-whgp-fp56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcbv-vgws-ykb5
2
url VCID-yajh-8gux-3bfe
vulnerability_id VCID-yajh-8gux-3bfe
summary 
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner
of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1] 

 https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949
references
0
reference_url https://github.com/apache/inlong
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong
1
reference_url https://github.com/apache/inlong/pull/7949
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7949
2
reference_url https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31453
reference_id CVE-2023-31453
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31453
4
reference_url https://github.com/advisories/GHSA-8rjh-3mhm-966q
reference_id GHSA-8rjh-3mhm-966q
reference_type
scores
url https://github.com/advisories/GHSA-8rjh-3mhm-966q
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-service@1.7.0
purl pkg:maven/org.apache.inlong/manager-service@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0
aliases CVE-2023-31453, GHSA-8rjh-3mhm-966q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yajh-8gux-3bfe
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.2.0