GHSA-w3wr-gmwf-r333

Source
https://github.com/advisories/GHSA-w3wr-gmwf-r333
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-w3wr-gmwf-r333/GHSA-w3wr-gmwf-r333.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w3wr-gmwf-r333
Aliases
Published
2023-07-06T21:14:59Z
Modified
2024-02-16T08:17:42.747796Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Apache InLong has Weak Password Requirements
Details

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.

Database specific
{
    "nvd_published_at": "2023-05-22T16:15:10Z",
    "cwe_ids": [
        "CWE-521"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T23:43:59Z"
}
References

Affected packages

Maven / org.apache.inlong:manager-pojo

Package

Name
org.apache.inlong:manager-pojo
Purl
pkg:maven/org.apache.inlong/manager-pojo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.47.0

Affected versions

1.*

1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
1.10.0

Database specific

{
    "last_known_affected_version_range": "< 1.7.0"
}