Homepage
About Snyk

org.apache.inlong:manager-pojo@1.4.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.inlong:manager-pojo package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Authorization Bypass Through User-Controlled Key

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the MySQLSinkDTO.java component. An attacker can bypass autoDeserizalize and allowLoadLocalInfile parameters and potentially gain access to sensitive data by manipulating these user-controlled keys.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade org.apache.inlong:manager-pojo to version 1.9.0-RC0 or higher.

[1.4.0,1.9.0-RC0)
  • H
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper encoding check to the MySQL JDBC URL and improper validation of the allowLoadLocalInfile, allowUrlInLocalInfile, allowLoadLocalInfileInPath parameters.

The attacker could bypass the current logic and achieve arbitrary file reading.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.inlong:manager-pojo to version 1.8.0 or higher.

[1.4.0,1.8.0)
  • H
Weak Password Requirements

Affected versions of this package are vulnerable to Weak Password Requirements such that when users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account.

How to fix Weak Password Requirements?

Upgrade org.apache.inlong:manager-pojo to version 1.7.0 or higher.

[1.1.0,1.7.0)
  • M
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data that allows attackers to bypass autoDeserialize option filtering by including whitespace in JDBC URLs.

Note: The maintainers have rated this vulnerability as having a moderate impact at the time of discovery.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.inlong:manager-pojo to version 1.7.0 or higher.

[1.4.0,1.7.0)
  • M
Exposure of Resource to Wrong Sphere

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere that allows attackers to change the immutable name and type of clusters.

How to fix Exposure of Resource to Wrong Sphere?

Upgrade org.apache.inlong:manager-pojo to version 1.7.0 or higher.

[1.4.0,1.7.0)
  • H
SQL Injection

Affected versions of this package are vulnerable to SQL Injection such that by manipulating the orderType parameter and the ordering of the returned content, an attacker can extract the username of the user with ID 1 from the user table, one character at a time.

How to fix SQL Injection?

Upgrade org.apache.inlong:manager-pojo to version 1.6.0 or higher.

[1.4.0,1.6.0)
  • H
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data from the MySQL JDBC URL in the MySQLDataNode.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.inlong:manager-pojo to version 1.6.0 or higher.

[1.1.0,1.6.0)
  • M
Authorization Bypass Through User-Controlled Key

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the filterSensitive function due to improper decoding the MySQL JDBC URL.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade org.apache.inlong:manager-pojo to version 1.6.0 or higher.

[0,1.6.0)
  • H
Out-of-bounds Read

Affected versions of this package are vulnerable to Out-of-bounds Read via the JDBC Connection due to improper encoding check to the MySQL JDBC URL.

How to fix Out-of-bounds Read?

Upgrade org.apache.inlong:manager-pojo to version 1.6.0 or higher.

[1.1.0,1.6.0)
Go back to all versions of this package