Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.inlong/manager-web@1.6.0
purl pkg:maven/org.apache.inlong/manager-web@1.6.0
Next non-vulnerable version 1.7.0
Latest non-vulnerable version 1.7.0
Risk
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-19bg-p9mx-r7gg
Aliases:
CVE-2023-31066
GHSA-wx79-r3q8-fq9h
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.
1.7.0
Affected by 0 other vulnerabilities.
VCID-242d-6bdt-9kbv
Aliases:
CVE-2023-31065
GHSA-757p-7hp5-pqmr
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.  An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.
1.7.0
Affected by 0 other vulnerabilities.
VCID-35x3-1q7f-eqcb
Aliases:
CVE-2023-31062
GHSA-q5p5-xg93-2jqc
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.
1.7.0
Affected by 0 other vulnerabilities.
VCID-dzjh-b3km-jycq
Aliases:
CVE-2023-31101
GHSA-h79m-5cm2-278c
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.
1.7.0
Affected by 0 other vulnerabilities.
VCID-phe3-ctkw-jfaw
Aliases:
CVE-2023-31103
GHSA-7mhc-76hf-3jp9
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.  Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it.
1.7.0
Affected by 0 other vulnerabilities.
VCID-qfyn-8g2m-ryct
Aliases:
CVE-2023-31206
GHSA-f475-jgg3-3jwc
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891
1.7.0
Affected by 0 other vulnerabilities.
VCID-yajh-8gux-3bfe
Aliases:
CVE-2023-31453
GHSA-8rjh-3mhm-966q
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949
1.7.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T03:55:03.616341+00:00 GitLab Importer Affected by VCID-35x3-1q7f-eqcb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.inlong/manager-web/CVE-2023-31062.yml 38.6.0
2026-06-06T03:54:57.741682+00:00 GitLab Importer Affected by VCID-qfyn-8g2m-ryct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.inlong/manager-web/CVE-2023-31206.yml 38.6.0
2026-06-06T03:54:27.606763+00:00 GitLab Importer Affected by VCID-phe3-ctkw-jfaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.inlong/manager-web/CVE-2023-31103.yml 38.6.0
2026-06-06T03:54:25.275990+00:00 GitLab Importer Affected by VCID-yajh-8gux-3bfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.inlong/manager-web/CVE-2023-31453.yml 38.6.0
2026-06-06T03:54:23.488412+00:00 GitLab Importer Affected by VCID-19bg-p9mx-r7gg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.inlong/manager-web/CVE-2023-31066.yml 38.6.0
2026-06-06T03:54:21.075252+00:00 GitLab Importer Affected by VCID-242d-6bdt-9kbv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.inlong/manager-web/CVE-2023-31065.yml 38.6.0
2026-06-06T03:46:13.228134+00:00 GitLab Importer Affected by VCID-dzjh-b3km-jycq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.inlong/manager-web/CVE-2023-31101.yml 38.6.0