all InfoSec news
CVE-2023-35088 (inlong)
July 25, 2023, 8:15 a.m. |
National Vulnerability Database web.nvd.nist.gov
In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks.
Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8198
apache apache software foundation attacks command cve foundation injection injection attacks issue may query software special sql sql injection sql query statement upgrade vulnerability
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
6 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Intern, Cyber Security Vulnerability Management
@ Grab | Petaling Jaya, Malaysia
Compliance - Global Privacy Office - Associate - Bengaluru
@ Goldman Sachs | Bengaluru, Karnataka, India
Cyber Security Engineer (m/w/d) Operational Technology
@ MAN Energy Solutions | Oberhausen, DE, 46145
Armed Security Officer - Hospital
@ Allied Universal | Sun Valley, CA, United States
Governance, Risk and Compliance Officer (Africa)
@ dLocal | Lagos (Remote)