CVE-2023-31206
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
CVSS 3.1: 7.5 (HIGH)
EPSS 0.85%
Description
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.
How to fix CVE-2023-31206
To remediate CVE-2023-31206, upgrade the affected package to a fixed version below.
- Upgrade to 1.7.0 or later
Is CVE-2023-31206 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- >= 1.4.0, < 1.7.0
- >= 1.4.0, < 1.7.0
- >= 1.4.0, < 1.7.0
- >= 1.4.0, < 1.7.0
- >= 1.4.0, < 1.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |