Deserialization of Untrusted Data vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it.
[1]
https://github.com/apache/inlong/pull/11732
| Score | Percentile |
|---|---|
| 0.40% | 60.11% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 8.1 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-r324-vgr5-73c9 ↗ |
| CVE | CVE-2025-27522 ↗ |
| CWE id | Name |
|---|---|
| CWE-502 | Deserialization of Untrusted Data |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| maven | org.apache.inlong:manager-pojo | >= 1.13.0, < 2.2.0 | 2.2.0 | — |