CVE-2023-43668: Authorization Bypass Through User-Controlled Key

October 16, 2023 (updated November 14, 2023)

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,

some sensitive params checks will be bypassed, like “autoDeserizalize”,“allowLoadLocalInfile”….

Users are advised to upgrade to Apache InLong’s 1.9.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8604

References

github.com/advisories/GHSA-rp6x-ggw6-8g56
github.com/apache/inlong/commit/46c4e96a84839bd540f47c659c9d8576e393da02
github.com/apache/inlong/pull/8604
lists.apache.org/thread/16gtk7rpdm1rof075ro83fkrnhbzn5sh
nvd.nist.gov/vuln/detail/CVE-2023-43668

Code Behaviors & Features

Detect and mitigate CVE-2023-43668 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →