Severity: low

Affected versions:

- Apache Gravitino (org.apache.gravitino:catalog-jdbc-common) 0.5.0 before 1.0.0

Description:

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.

Credit:

A1kaid@ThreatBook VulTeam (reporter)
Le1a@ThreatBook VulTeam (finder)

References:

https://gravitino.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-53648
