GHSA-3p9p-59qf-mqwh

Source
https://github.com/advisories/GHSA-3p9p-59qf-mqwh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-3p9p-59qf-mqwh/GHSA-3p9p-59qf-mqwh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3p9p-59qf-mqwh
Aliases
Published
2023-07-06T21:14:59Z
Modified
2024-02-16T08:17:30.822842Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Apache InLong has Files or Directories Accessible to External Parties
Details

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. A user in InLong could cancel an application that doesn't belong to them. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it.

Database specific
{
    "nvd_published_at": "2023-05-22T16:15:09Z",
    "cwe_ids": [
        "CWE-552"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T23:27:00Z"
}
References

Affected packages

Maven / org.apache.inlong:manager-workflow

Package

Name
org.apache.inlong:manager-workflow
Purl
pkg:maven/org.apache.inlong/manager-workflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.0
Fixed
1.7.0

Affected versions

1.*

1.2.0-incubating
1.3.0
1.4.0
1.5.0
1.6.0