Homepage
About Snyk

org.apache.inlong:manager-pojo@1.6.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.inlong:manager-pojo package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Improper Control of Generation of Code ('Code Injection')

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to insufficient validation of user-supplied parameters. An attacker can execute arbitrary code by injecting malicious input into the code generation process.

How to fix Improper Control of Generation of Code ('Code Injection')?

Upgrade org.apache.inlong:manager-pojo to version 1.10.0 or higher.

[1.5.0,1.10.0)
  • H
Authorization Bypass Through User-Controlled Key

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the MySQLSinkDTO.java component. An attacker can bypass autoDeserizalize and allowLoadLocalInfile parameters and potentially gain access to sensitive data by manipulating these user-controlled keys.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade org.apache.inlong:manager-pojo to version 1.9.0-RC0 or higher.

[1.4.0,1.9.0-RC0)
  • H
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper encoding check to the MySQL JDBC URL and improper validation of the allowLoadLocalInfile, allowUrlInLocalInfile, allowLoadLocalInfileInPath parameters.

The attacker could bypass the current logic and achieve arbitrary file reading.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.inlong:manager-pojo to version 1.8.0 or higher.

[1.4.0,1.8.0)
  • H
Weak Password Requirements

Affected versions of this package are vulnerable to Weak Password Requirements such that when users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account.

How to fix Weak Password Requirements?

Upgrade org.apache.inlong:manager-pojo to version 1.7.0 or higher.

[1.1.0,1.7.0)
  • M
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data that allows attackers to bypass autoDeserialize option filtering by including whitespace in JDBC URLs.

Note: The maintainers have rated this vulnerability as having a moderate impact at the time of discovery.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.inlong:manager-pojo to version 1.7.0 or higher.

[1.4.0,1.7.0)
  • M
Exposure of Resource to Wrong Sphere

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere that allows attackers to change the immutable name and type of clusters.

How to fix Exposure of Resource to Wrong Sphere?

Upgrade org.apache.inlong:manager-pojo to version 1.7.0 or higher.

[1.4.0,1.7.0)
  • M
Insecure Default Initialization of Resource

Affected versions of this package are vulnerable to Insecure Default Initialization of Resource that allows users to see deleted users' data.

How to fix Insecure Default Initialization of Resource?

Upgrade org.apache.inlong:manager-pojo to version 1.7.0 or higher.

[1.5.0,1.7.0)
Go back to all versions of this package