Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.inlong/manager-dao@1.4.0
Type maven
Namespace org.apache.inlong
Name manager-dao
Version 1.4.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.7.0
Latest_non_vulnerable_version 1.7.0
Affected_by_vulnerabilities
0
url VCID-242d-6bdt-9kbv
vulnerability_id VCID-242d-6bdt-9kbv
summary
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0.

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 to solve it.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31065
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52545
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31065
1
reference_url https://github.com/apache/inlong
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong
2
reference_url https://github.com/apache/inlong/pull/7836
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7836
3
reference_url https://github.com/apache/inlong/pull/7884
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7884
4
reference_url https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-09T17:17:58Z/
url https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31065
reference_id CVE-2023-31065
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31065
6
reference_url https://github.com/advisories/GHSA-757p-7hp5-pqmr
reference_id GHSA-757p-7hp5-pqmr
reference_type
scores
url https://github.com/advisories/GHSA-757p-7hp5-pqmr
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-dao@1.7.0
purl pkg:maven/org.apache.inlong/manager-dao@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-dao@1.7.0
aliases CVE-2023-31065, GHSA-757p-7hp5-pqmr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-242d-6bdt-9kbv
1
url VCID-35x3-1q7f-eqcb
vulnerability_id VCID-35x3-1q7f-eqcb
summary
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31062
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54954
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31062
1
reference_url https://github.com/apache/inlong
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong
2
reference_url https://github.com/apache/inlong/pull/7836
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7836
3
reference_url https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:54:58Z/
url https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31062
reference_id CVE-2023-31062
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31062
5
reference_url https://github.com/advisories/GHSA-q5p5-xg93-2jqc
reference_id GHSA-q5p5-xg93-2jqc
reference_type
scores
url https://github.com/advisories/GHSA-q5p5-xg93-2jqc
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-dao@1.7.0
purl pkg:maven/org.apache.inlong/manager-dao@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-dao@1.7.0
aliases CVE-2023-31062, GHSA-q5p5-xg93-2jqc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35x3-1q7f-eqcb
2
url VCID-phe3-ctkw-jfaw
vulnerability_id VCID-phe3-ctkw-jfaw
summary
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0.
Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31103
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70802
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31103
1
reference_url https://github.com/apache/inlong
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong
2
reference_url https://github.com/apache/inlong/pull/7891
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7891
3
reference_url https://lists.apache.org/thread/bv51zhjookcnfbz8b0xsl9wv78sn0j1p
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:50:23Z/
url https://lists.apache.org/thread/bv51zhjookcnfbz8b0xsl9wv78sn0j1p
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31103
reference_id CVE-2023-31103
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31103
5
reference_url https://github.com/advisories/GHSA-7mhc-76hf-3jp9
reference_id GHSA-7mhc-76hf-3jp9
reference_type
scores
url https://github.com/advisories/GHSA-7mhc-76hf-3jp9
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-dao@1.7.0
purl pkg:maven/org.apache.inlong/manager-dao@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-dao@1.7.0
aliases CVE-2023-31103, GHSA-7mhc-76hf-3jp9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phe3-ctkw-jfaw
3
url VCID-qfyn-8g2m-ryct
vulnerability_id VCID-qfyn-8g2m-ryct
summary
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/7891
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31206
reference_id
reference_type
scores
0
value 0.00854
scoring_system epss
scoring_elements 0.75328
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31206
1
reference_url https://github.com/apache/inlong
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong
2
reference_url https://github.com/apache/inlong/pull/7891
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/inlong/pull/7891
3
reference_url https://lists.apache.org/thread/qb7zffo785wzpmsobjqcypodngw6kg6x
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:49:05Z/
url https://lists.apache.org/thread/qb7zffo785wzpmsobjqcypodngw6kg6x
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31206
reference_id CVE-2023-31206
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31206
5
reference_url https://github.com/advisories/GHSA-f475-jgg3-3jwc
reference_id GHSA-f475-jgg3-3jwc
reference_type
scores
url https://github.com/advisories/GHSA-f475-jgg3-3jwc
fixed_packages
0
url pkg:maven/org.apache.inlong/manager-dao@1.7.0
purl pkg:maven/org.apache.inlong/manager-dao@1.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-dao@1.7.0
aliases CVE-2023-31206, GHSA-f475-jgg3-3jwc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfyn-8g2m-ryct
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-dao@1.4.0