Homepage
About Snyk

org.apache.inlong:manager-service@1.7.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.inlong:manager-service package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper input handling during the deserialization process. An attacker can perform arbitrary file read attacks by exploiting the MySQL driver.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.inlong:manager-service to version 1.10.0 or higher.

[1.7.0,1.10.0)
  • H
SQL Injection

Affected versions of this package are vulnerable to SQL Injection in the toAuditCkSql() method in AuditServiceImpl.java, which is accessible via the audit endpoint. The groupId, streamId, auditId, and dt parameters are concatenated unchecked into an SQL query.

How to fix SQL Injection?

Upgrade org.apache.inlong:manager-service to version 1.8.0 or higher.

[1.4.0,1.8.0)
  • M
Exposure of Resource to Wrong Sphere

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere that allows a user to delete or update a process, which only the admin should have permission to do.

How to fix Exposure of Resource to Wrong Sphere?

Upgrade org.apache.inlong:manager-service to version 1.8.0 or higher.

[1.4.0,1.8.0)
Go back to all versions of this package