CVE-2025-27528

Опубликовано: 28 мая 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Deserialization of Untrusted Data vulnerability in Apache InLong.

This issue affects Apache InLong: from 1.13.0 through 2.1.0.

This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/11747

Ссылки

https://github.com/apache/inlong/pull/11747
Issue Tracking
https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgj
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/05/28/3
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

Версия от 1.13.0 (включая) до 2.2.0 (исключая)

EPSS

Процентиль: 36%

0.0015

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-98v7-xxxv-hcrh

github

9 месяцев назад

Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

BDU:2025-06400