Description
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/07/25/2
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
Related Vulnerabilities
CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2022-29219 Vulnerability in npm package @chainsafe/lodestar
CVE-2019-19899 Vulnerability in maven package io.pebbletemplates:pebble
CVE-2021-46440 Vulnerability in npm package strapi
CVE-2021-4264 Vulnerability in maven package org.webjars.bower:dustjs-linkedin