CVE-2023-51784 — Apache InLong Manager Remote Code Execution vulnerability

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329

How to fix CVE-2023-51784

To remediate CVE-2023-51784, upgrade the affected package to a fixed version below.

—upgrade to 1.10.0 or later

Is CVE-2023-51784 being exploited?

Moderate — EPSS is 7.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

>= 1.5.0, < 1.10.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-51784
PATCHgithub.com/apache/inlong
WEBgithub.com/apache/inlong/commit/1607837be28438c0ccae8da15afb653f2afed090
WEBgithub.com/apache/inlong/pull/9329
WEB