CVE-2025-27531 – org.apache.inlong:inlong-manager
Package
Manager: maven
Name: org.apache.inlong:inlong-manager
Vulnerable Version: >=1.13.0 <2.1.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
EPSS: 0.00199 (percentile: 0.42095)
Details
Apache InLong Deserialization of Untrusted Data Vulnerability
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.13.0 before 2.1.0. It would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.
Metadata
Created: 2025-06-06T15:30:53Z
Modified: 2025-06-10T20:08:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-62gc-8jr5-x9pm/GHSA-62gc-8jr5-x9pm.json
CWE IDs: CWE-502
Alternative ID: GHSA-62gc-8jr5-x9pm
Finding: F096
Auto approve: 1