← Back to CVEs
CVE-2023-43667
HIGH7.5
Description
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/16/2023
Last Modified6/16/2025
Sourcenvd
Honeypot Sightings0
Affected Products
apache:inlong
Weaknesses (CWE)
CWE-74
References
https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543(security@apache.org)
https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.