← voltar
CVE-2025-27528

Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

CVSS 9.1 CRITICALEPSS 0.6%CWE-502
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Produtos afetados
Apache Software Foundation · Apache InLong

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/apache/inlong/pull/11747https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgjhttp://www.openwall.com/lists/oss-security/2025/05/28/3