Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN129

_____________________________________________________________________

DATE                : 28/02/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache InLong versions prior to
                                        2.1.0.

=====================================================================
https://lists.apache.org/thread/rtx3kmoq2td4kl019y8q8fpztw00ffh7
_____________________________________________________________________

CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability
for JDBC

Severity: moderate

Affected versions:

- Apache InLong 1.13.0 before 2.1.0


Description:

Deserialization of Untrusted Data vulnerability in Apache InLong. 

This issue affects Apache InLong: from 1.13.0 before 2.1.0, this can
lead to bypass by double writing the param.


Users are recommended to upgrade to version 2.1.0, which fixes the issue.


Credit:

Ming (finder)


References:

https://inlong.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-27531



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================