434 matches found
CVE-2025-27528 Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2025-27528
CVE-2025-27528 describes a deserialization of untrusted data vulnerability in Apache InLong (versions 1.13.0–2.1.0) that can bypass InLong JDBC security and lead to arbitrary file reading. Public sources (Red Hat, NVD, and CVE records) consistently indicate the affected component as InLong JDBC a...
CVE-2025-27526 Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability can lead to a JDBC URLEncode and backspace bypass. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it...
CVE-2025-27526
CVE-2025-27526 affects Apache InLong versions 1.13.0 through 2.1.0 and is due to insecure deserialization of untrusted data, which can enable a JDBC URL-encoding/backspace bypass vulnerability. The issue’s remediation is to upgrade to InLong 2.2.0 or cherry-pick the confirmed fix from GitHub (PR ...
CVE-2025-27522 Apache InLong: JDBC Vulnerability during verification processing
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it. 1...
CVE-2025-27522
Technical details about CVE-2025-27522 are not publicly available in the provided documents. The entry notes affected versions and a fix in 2.2.0, but no further technical specifics are provided; monitor for updates.
Apache InLong Code Issue Vulnerability
Apache InLong is a one-stop mass data integration framework from the Apache USA Foundation. It provides automated, secure, and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.13.0 to 2.1.0, which stems from deserializing untrustworthy data and...
Apache InLong Code Issue Vulnerability
Apache InLong is a one-stop mass data integration framework from the Apache USA Foundation. It provides automated, secure, and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.13.0 through 2.1.0 that stems from deserializing untrustworthy data,...
Apache InLong Code Issue Vulnerability
Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. Apache InLong versions 1.13.0 to 2.1.0 have a deserialization vulnerability; the vulnerability stems from the application in the...
PT-2025-23052 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.13.0 through 2.1.0
Description: The issue is related to the deserialization of untrusted data in Apache InLong, which can lead to the bypass of JDBC URL encoding and backspace. This can potentially cause security...
org.apache.inlong:manager-client (>=1.7.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.7.0 <=2.1.0) +2 more potentially affected by CVE-2024-26579 +1 more via org.apache.inlong:manager-pojo (>=1.7.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.7.0, =1.7.0, =1.7.0, =1.7.0, =2.0.0, =2.1.0 Source cves: CVE-2024-26579, CVE-2025-27522 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255181...
Improper Handling of Unicode Encoding
Overview: Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding through the JDBC verification process. An attacker can manipulate the application behaviour by injecting malicious data into serialised objects. Note: This is a bypass for the vulnerability previous...
CVE-2023-31453
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
CVE-2023-31206
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 1 to...
CVE-2023-31098
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password with any character or symbol, attackers can easily guess the user's password and access the accoun...
CVE-2023-31454
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...
CVE-2023-27296
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong; you could refer to 1 to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade...