Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-757p-7hp5-pqmr

GitHub Security Advisory

Apache InLong Insufficient Session Expiration vulnerability

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. 

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 or https://github.com/apache/inlong/pull/7884 to solve it.

Affected Packages

Maven org.apache.inlong:manager-pojo
Affected versions: 1.4.0 (fixed in 1.7.0)
Maven org.apache.inlong:manager-dao
Affected versions: 1.4.0 (fixed in 1.7.0)
Maven org.apache.inlong:manager-web
Affected versions: 1.4.0 (fixed in 1.7.0)
Maven org.apache.inlong:manager-service
Affected versions: 1.4.0 (fixed in 1.7.0)

Related CVEs

CVE-2023-31065

Key Information

GHSA ID
GHSA-757p-7hp5-pqmr
Published
July 6, 2023 9:14 PM
Last Modified
July 6, 2023 11:13 PM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
org.apache.inlong:manager-pojo
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.