{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "An arbitrary file read vulnerability for JDBC",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "cweId": "CWE-502",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache InLong",
          "versions": [
            {
              "status": "affected",
              "version": "1.13.0",
              "lessThan": "2.1.0",
              "versionType": "semver"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "Deserialization of Untrusted Data vulnerability in Apache InLong.\u00a0\n\nThis issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\nthis issue would allow an authenticated attacker to read arbitrary files\u00a0by double writing the param.\n\n\n\n\n\nUsers are recommended to upgrade to version 2.1.0, which fixes the issue.",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<p>Deserialization of Untrusted Data vulnerability in Apache InLong.&nbsp;</p><p>This issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\n<span style=\"background-color: rgb(255, 255, 255);\">this issue would allow an authenticated attacker to read arbitrary files</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;by double writing the param.</span>\n\n</span>\n\n</p><p>Users are recommended to upgrade to version 2.1.0, which fixes the issue.</p>"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "moderate"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ming",
          "type": "finder"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2025-27531",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}