VYPR
Moderate severityNVD Advisory· Published May 28, 2025· Updated May 28, 2025

Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

CVE-2025-27528

Description

Deserialization of Untrusted Data vulnerability in Apache InLong.

This issue affects Apache InLong: from 1.13.0 through 2.1.0.

This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/11747

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.inlong:manager-pojoMaven
>= 1.13.0, < 2.2.02.2.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.