{"schema_version": "1.6.1", "id": "CVE-2025-27531", "summary": "An arbitrary file read vulnerability for JDBC", "details": "Deserialization of Untrusted Data vulnerability in Apache InLong. \n\nThis issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\nthis issue would allow an authenticated attacker to read arbitrary files by double writing the param.\n\n\n\n\n\nUsers are recommended to upgrade to version 2.1.0, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.13.0"}, {"fixed": "2.1.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5"}]}