Addressing Critical Security Vulnerabilities in Apache InLong: What You Need to Know
Apache InLong is a one-stop, full-scenario integration framework for massive data that supports Data Ingestion, Data Synchronization, and Data Subscription. It provides automatic, secure, and reliable data transmission capabilities, and supports both batch and stream data processing at the same time.
Three security vulnerabilities were disclosed in Apache InLong in October 2023, all affecting versions 1.4.0 through 1.8.0. They allow an attacker to read user data without authorization, inject attacker-controlled content into InLong's logs, or bypass the safety checks applied to JDBC connection URLs.
CVE-2023-43666: General user unauthorized access to User Management
This vulnerability allows a general (non-admin) user to view all user data, including the records of admin accounts. An attacker holding any low-privilege account therefore obtains account names, roles and other account attributes for every user in the system, which is a ready-made target list for credential attacks and privilege escalation. Affected deployments are advised to upgrade to Apache InLong version 1.9.0; alternatively, the upstream fix commit can be cherry-picked onto an existing build.
CVE-2023-43667: Log Injection in Global functions
This vulnerability allows an attacker to inject arbitrary content into InLong's logs through the Global functions, because input reaching those functions is not validated before it is logged. The attacker can create misleading or false log records, making it harder to audit and trace malicious activity. Users should upgrade to Apache InLong version 1.9.0; cherry-picking the upstream fix commit is the alternative.
CVE-2023-43668: JDBC connection security bypass in InLong
This vulnerability allows an attacker to bypass the checks InLong applies to user-supplied JDBC connection URLs, specifically the checks that reject the MySQL Connector/J parameters autoDeserialize and allowLoadLocalInfile. Once such a URL reaches the driver, autoDeserialize lets a malicious MySQL server return a BLOB that the InLong host deserializes, which leads to arbitrary code execution given a suitable gadget chain, and allowLoadLocalInfile lets that server read arbitrary files from the InLong host via LOAD DATA LOCAL INFILE. Upgrading to Apache InLong version 1.9.0 is strongly recommended; as with the other vulnerabilities, cherry-picking the upstream fix commit is an alternative.
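The page does not describe which transformation defeated InLong's check, so the following added example (not InLong code, and in Python rather than the project's Java) contrasts the general weak pattern, a case-sensitive substring match on the raw URL string, with a check that decodes, parses and normalizes the URL before comparing parameter names. The function names, the restriction to `jdbc:mysql` URLs and the sample URLs are all constructed for the example; the forbidden-parameter list covers the two names the advisory cites plus the related allowUrlInLocalInfile and allowLoadLocalInfileInPath options.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Connector/J parameters that turn a connection URL into a code-execution or
# file-read primitive. Compared in lower case after normalization.
FORBIDDEN_PARAMS = frozenset({
    "autodeserialize",
    "allowloadlocalinfile",
    "allowurlinlocalinfile",
    "allowloadlocalinfileinpath",
})


def naive_check(jdbc_url: str) -> bool:
    """The weak pattern: case-sensitive substring match on the raw string.
    Returns True when the URL is accepted."""
    return not any(p in jdbc_url for p in ("autoDeserialize", "allowLoadLocalInfile"))


def _fully_decode(s: str) -> str:
    """Percent-decode until the string stops changing (defeats %25 double encoding)."""
    for _ in range(5):
        decoded = unquote(s)
        if decoded == s:
            return decoded
        s = decoded
    raise ValueError("excessive percent-encoding nesting")


def jdbc_params(jdbc_url: str) -> dict:
    """Parse jdbc:mysql://host[:port]/db?k=v&... into a normalized {key: value} map.
    Keys are lower-cased and stripped so spelling tricks cannot hide a parameter."""
    decoded = _fully_decode(jdbc_url)
    if not decoded.lower().startswith("jdbc:mysql://"):
        raise ValueError("only jdbc:mysql URLs are accepted in this example")
    parts = urlsplit(decoded[len("jdbc:"):])
    if parts.fragment:
        # Connector/J has no use for a fragment; a '#' only serves to smuggle
        # parameters past a checker that stops at the query string.
        raise ValueError("fragment not allowed")
    params = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        params[key.strip().lower()] = value.strip()
    return params


def hardened_check(jdbc_url: str) -> bool:
    """Accept only URLs that parse cleanly and carry no forbidden parameter."""
    try:
        params = jdbc_params(jdbc_url)
    except ValueError:
        return False
    return not any(key in FORBIDDEN_PARAMS for key in params)


if __name__ == "__main__":
    # Constructed sample URLs: the literal spelling, a case variant, a
    # percent-encoded variant, a fragment variant and a benign one.
    for url in (
        "jdbc:mysql://db:3306/app?autoDeserialize=true",
        "jdbc:mysql://db:3306/app?AutoDeserialize=true",
        "jdbc:mysql://db:3306/app?auto%2544eserialize=true",
        "jdbc:mysql://db:3306/app?useSSL=true#allowLoadLocalInfile=true",
        "jdbc:mysql://db:3306/app?useSSL=true&serverTimezone=UTC",
    ):
        print(f"naive={naive_check(url)!s:5} hardened={hardened_check(url)!s:5} {url}")
```

The naive check stops only the literal spelling; the hardened check rejects the same URL after case folding, single or double percent-decoding, and a fragment, and fails closed on anything it cannot parse. An allowlist of the parameters a deployment actually needs would be stricter still, and is the better choice when the set of legitimate options is known.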
Apache InLong is a powerful data integration framework, but operators need to track the vulnerabilities disclosed against it. Upgrading to InLong 1.9.0 or later, or cherry-picking the upstream fixes where an upgrade is not immediately possible, closes all three issues described here and protects your data from unauthorized access and modification.