Primary

Context

Apache InLong Deserialization Vulnerability Bypassing JDBC Verification

Vulnerability

Patched

A deserialization vulnerability allowing untrusted data to be processed improperly has been identified in Apache InLong versions 1.13.0 prior to 2.1.0. This issue serves as a secondary mining bypass for CVE-2024-26579, potentially leading to unauthorized manipulation of JDBC verification processes.

Impact

Exploitation of this vulnerability can cause sensitive parameters to be bypassed during JDBC verification, potentially leading to unauthorized data access or manipulation.

Remediation

Users are advised to upgrade to Apache InLong version 2.2.0 or to cherry-pick the relevant fix from the Apache InLong GitHub repository.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache InLong Deserialization Vulnerability Bypassing JDBC Verification

Vulnerability

Impact

Remediation

Affected Products

Apache InLong

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating