Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.inlong/manager-common@1.7.0

Type maven

Namespace org.apache.inlong

Name manager-common

Version 1.7.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.11.0

Latest_non_vulnerable_version 1.11.0

Affected_by_vulnerabilities

url VCID-xpef-tqp1-pfac

vulnerability_id VCID-xpef-tqp1-pfac

summary

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.

This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8814

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46227

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13615
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46227

reference_url

https://github.com/apache/inlong

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/inlong

reference_url

https://github.com/apache/inlong/pull/8814

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/inlong/pull/8814

reference_url

https://lists.apache.org/thread/m8txor4f76tmrxksrmc87tw42g57nz33

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T20:02:20Z/

url

https://lists.apache.org/thread/m8txor4f76tmrxksrmc87tw42g57nz33

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46227

reference_id

CVE-2023-46227

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46227

reference_url	https://github.com/advisories/GHSA-jj32-3pf5-5mv5
reference_id	GHSA-jj32-3pf5-5mv5
reference_type
scores
url	https://github.com/advisories/GHSA-jj32-3pf5-5mv5

fixed_packages

url pkg:maven/org.apache.inlong/manager-common@1.9.0

purl pkg:maven/org.apache.inlong/manager-common@1.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v3gr-qf3y-skck

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-common@1.9.0

aliases CVE-2023-46227, GHSA-jj32-3pf5-5mv5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpef-tqp1-pfac

Fixing_vulnerabilities

url VCID-tnt8-a4ft-2ue5

vulnerability_id VCID-tnt8-a4ft-2ue5

summary

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the
'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 

 https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31058

reference_id

reference_type

scores

value	0.00338
scoring_system	epss
scoring_elements	0.56918
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31058

reference_url

https://github.com/apache/inlong

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/inlong

reference_url

https://github.com/apache/inlong/pull/7674

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/inlong/pull/7674

reference_url

https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:48:04Z/

url

https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-31058

reference_id

CVE-2023-31058

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-31058

reference_url	https://github.com/advisories/GHSA-c3rh-f2w5-fghm
reference_id	GHSA-c3rh-f2w5-fghm
reference_type
scores
url	https://github.com/advisories/GHSA-c3rh-f2w5-fghm

fixed_packages

url pkg:maven/org.apache.inlong/manager-common@1.7.0

purl pkg:maven/org.apache.inlong/manager-common@1.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xpef-tqp1-pfac

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-common@1.7.0

aliases CVE-2023-31058, GHSA-c3rh-f2w5-fghm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnt8-a4ft-2ue5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-common@1.7.0

Package Instance