Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

GHSA-98v7-xxxv-hcrh · CVE-2025-27528

Published May 28, 2025 · Modified May 28, 2025

Description

Deserialization of Untrusted Data vulnerability in Apache InLong.

This issue affects Apache InLong: from 1.13.0 through 2.1.0.

This
vulnerability allows attackers to bypass the security mechanisms of InLong
JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/11747

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-27528
WEB https://github.com/apache/inlong/pull/11747
PACKAGE https://github.com/apache/inlong
WEB https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgj
WEB http://www.openwall.com/lists/oss-security/2025/05/28/3

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes