Severity: low 

Affected versions:

- Apache Gravitino (org.apache.gravitino:catalog-jdbc-common) 0.5.0 before 1.0.0

Description:

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can 
allow a malicious user to read or truncate files.
Users are recommended to upgrade to version 1.0.0, which fixes this issue.

Credit:

A1kaid@ThreatBook VulTeam (reporter)
Le1a@ThreatBook VulTeam (finder)

References:

https://gravitino.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-53648
