Primary

Context

Apache InLong Deserialization Vulnerability Leading to Arbitrary File Read

Vulnerability

Patched

A deserialization of untrusted data vulnerability has been identified in Apache InLong versions 1.13.0 prior to 2.1.0. This vulnerability allows an authenticated attacker to read arbitrary files by exploiting the deserialization process, which can be manipulated by double writing a specific parameter.

Impact

Exploitation of this vulnerability could lead to unauthorized reading of files on the server.

Remediation

Users are advised to upgrade to Apache InLong version 2.1.0 or later, which addresses this vulnerability.

Added: Jun 6, 2025, 3:26 PM

Updated: Jun 6, 2025, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.8

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.8

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache InLong Deserialization Vulnerability Leading to Arbitrary File Read

Vulnerability

Impact

Remediation

Affected Products

Apache InLong

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating