CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster
First published: Mon May 22 2023(Updated: )
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache InLong | >=1.4.0<=1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-31103?
CVE-2023-31103 is an exposure of resource to wrong sphere vulnerability in Apache Software Foundation Apache InLong.
Which versions of Apache InLong are affected by CVE-2023-31103?
Versions 1.4.0 through 1.6.0 of Apache InLong are affected by CVE-2023-31103.
How can attackers exploit CVE-2023-31103?
Attackers can change the immutable name and type of cluster of InLong using CVE-2023-31103.
What is the severity of CVE-2023-31103?
CVE-2023-31103 has a severity score of 7.5, which is considered high.
How can I fix CVE-2023-31103?
To fix CVE-2023-31103, users are advised to upgrade to Apache InLong's version 1.7.0 or apply the cherry-pick.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/title
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/apache
- canonical/apache inlong
- version/apache inlong/1.4.0
- version/apache inlong/1.6.0