CVE-2023-31064
Apache InLong has Files or Directories Accessible to External Parties
7.5
HIGH
CVSS 3.1
EPSS 0.23%
Description
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. A user in InLong could cancel an application that doesn't belong to them. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it.
How to fix CVE-2023-31064
To remediate CVE-2023-31064, upgrade the affected package to a fixed version below.
- Upgrade to 1.7.0 or later
Is CVE-2023-31064 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.2.0, < 1.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |