powerexploit commented on PR #8628: URL: https://github.com/apache/inlong/pull/8628#issuecomment-2235574162
In the NVD database and other vulnerability databases, this particular pull request has been associated with fixing the CVE-2023-43667. Affected versions of this package were vulnerable to SQL Injection via the DataNodeController.java and InlongClusterController.java components. An attacker can create misleading or false records, making it harder to audit and trace malicious activities. With this fix, it is mentioned that the vulnerability in DataNodeController.java and InlongClusterController.java components has been fixed. I am having trouble understanding whether this actually resolves the issue, or if there is an issue with the way the PR is associated with the vulnerability databases. @hnrainll @vernedeng @fuweng11 @liaosunny123 can anyone of you please confirm this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@inlong.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
