Vulnerability Description
Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt values are concatenated directly into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick the fix [1] to solve it. [1] https://github.com/apache/inlong/pull/8198
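The pattern the description names (request-controlled groupId, streamId, auditId and dt spliced into a query string) beside its parameterized counterpart, as an added example that is not InLong's own code: the audit table, the sqlite in-memory database standing in for ClickHouse, and the function names are all constructed for illustration. The vulnerable builder shows how a single crafted filter value changes the shape of the statement so the WHERE clause no longer restricts the result; the safe builder passes the same values as bound parameters, so they are treated as data, and an optional date-format allowlist adds a second line of defence for the dt field.

```python
import re
import sqlite3

# Constructed sample audit table (not InLong's real schema).
def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE audit_data "
        "(group_id TEXT, stream_id TEXT, audit_id TEXT, dt TEXT, cnt INTEGER)"
    )
    conn.executemany(
        "INSERT INTO audit_data VALUES (?, ?, ?, ?, ?)",
        [
            ("g1", "s1", "3", "2023-07-01", 10),
            ("g1", "s1", "3", "2023-07-02", 20),
            ("g2", "s9", "4", "2023-07-01", 99),
        ],
    )
    return conn


def to_audit_sql_vulnerable(group_id, stream_id, audit_id, dt):
    # Mirrors the flaw described in the advisory: caller-supplied values are
    # concatenated straight into the statement text.  Any quote character in
    # the input becomes part of the SQL grammar instead of the filter value.
    return (
        "SELECT SUM(cnt) FROM audit_data WHERE group_id='" + group_id
        + "' AND stream_id='" + stream_id
        + "' AND audit_id='" + audit_id
        + "' AND dt='" + dt + "'"
    )


def to_audit_sql_safe(group_id, stream_id, audit_id, dt):
    # Hardened form: the statement text is constant and the values travel as
    # bound parameters, so the database never parses them as SQL.
    sql = (
        "SELECT SUM(cnt) FROM audit_data "
        "WHERE group_id=? AND stream_id=? AND audit_id=? AND dt=?"
    )
    return sql, (group_id, stream_id, audit_id, dt)


DT_PATTERN = re.compile(r"\d{4}-\d{2}-\d{2}")

def validate_dt(dt):
    # Defence in depth (hypothetical helper): the dt filter is a calendar date,
    # so reject anything that is not exactly YYYY-MM-DD before it reaches SQL.
    if not DT_PATTERN.fullmatch(dt):
        raise ValueError("dt must be YYYY-MM-DD")
    return dt


def query_vulnerable(conn, group_id, stream_id, audit_id, dt):
    return conn.execute(to_audit_sql_vulnerable(group_id, stream_id, audit_id, dt)).fetchone()[0]


def query_safe(conn, group_id, stream_id, audit_id, dt):
    sql, params = to_audit_sql_safe(group_id, stream_id, audit_id, validate_dt(dt))
    return conn.execute(sql, params).fetchone()[0]


if __name__ == "__main__":
    db = build_sample_db()
    # Well-formed input: both builders agree.
    print(query_vulnerable(db, "g1", "s1", "3", "2023-07-01"))  # 10
    print(query_safe(db, "g1", "s1", "3", "2023-07-01"))        # 10
    # A quote in the dt value: the concatenated query stops filtering and
    # sums every row, while the parameterized query simply matches nothing.
    crafted = "x' OR '1'='1"
    print(query_vulnerable(db, "g1", "s1", "3", crafted))       # 129
    try:
        query_safe(db, "g1", "s1", "3", crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

The distinguishing signal for a code reviewer is structural, not the specific payload: if the text of the SQL statement depends on the request at all (string `+`, `format`, f-strings, `StringBuilder` in Java), the query is injectable regardless of how carefully the values are "escaped". The fix referenced in [1] is the place to confirm which of these two shapes the upstream code now uses.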
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Inlong | >= 1.4.0, <= 1.7.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2023/Jul/43 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2023/07/25/4 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread/os7b66x4n8dbtrdpb7c6x37bb1vjb0tk (Mailing List, Vendor Advisory)
FAQ
What is CVE-2023-35088?
CVE-2023-35088 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7....
How severe is CVE-2023-35088?
CVE-2023-35088 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-35088?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Inlong.