Lucene search

448 matches found

vulnersOsv
added 2025/03/20 9:30 a.m. · 2 views

io.xuxiaowei.seata:seata-server (>=2.1.0 <=2.2.0), org.apache.seata:seata-compressor-all (>=2.1.0 <=2.2.0) +5 more potentially affected by CVE-2024-54016 via org.apache.seata:seata-compressor-zstd (>=2.1.0 <=2.2.0)

org.apache.seata:seata-compressor-zstd MAVEN version =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.2.0 Source cves: CVE-2024-54016 Source advisory: SNYK:JAVA-ORGAPACHESEATA-9521513...

4.3 CVSS · 5.8 AI score · 0.00149 EPSS
Exploits 0
vulnersOsv
added 2025/03/20 9:30 a.m. · 2 views

com.weicoder:seata (>=3.5.1 <=3.6.2), io.seata:seata-compressor-all (>=1.5.0 <=2.0.0) +7 more potentially affected by CVE-2024-54016 via io.seata:seata-compressor-zstd (>=1.5.0 <=2.0.0)

io.seata:seata-compressor-zstd MAVEN version =1.5.0, =3.5.1, =1.5.0, =1.5.0, =1.8.0, =1.5.0, =1.7.0, =1.8.0, =2.0.0 Source cves: CVE-2024-54016 Source advisory: SNYK:JAVA-IOSEATA-9521514...

4.3 CVSS · 5.8 AI score · 0.00149 EPSS
Exploits 0
OSSF Malicious Packages
added 2025/03/01 2:19 a.m. · 2 views

Malicious code in esm-appdynamics-grafana-react-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f395665c4d165d336c17cf90f183b9da91013f0d72574f6b2875830ed057d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits 0 · References 1
vulnersOsv
added 2025/03/01 12:3 a.m. · 4 views

com.alilitech:boot-plus-log (>=2.1.0 <=2.1.5), com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0) +19 more potentially affected by CVE-2025-27152 via org.webjars.npm:axios (>=1.15.2 <=1.7.2)

org.webjars.npm:axios MAVEN version =1.15.2, =2.1.0, =2.0.0, =1.0.3, =1.0.0, =2.1.1, =1.0.0, =1.0.0, =2.1.3, =2.0.0, =1.0.2, =4.22.2, =4.22.2, =0.0.1, =1.0.0 - org.webjars.npm:posthog-node =4.17.1 and more Source cves: CVE-2025-27152 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9376923...

8.7 CVSS · 6.7 AI score · 0.00218 EPSS
Exploits 1
CNVD
added 2025/02/19 12:0 a.m. · 9 views

Apache Linkis Input Validation Error Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

5.9 CVSS · 6.6 AI score · 0.00053 EPSS
Exploits 0 · References 1
AstraLinux
added 2025/02/06 4:28 p.m. · 0 views

Astra Linux - vulnerability in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

8.1 CVSS · 7 AI score · 0.02908 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 3:17 a.m. · 1 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5 CVSS · 5.9 AI score · 0.00204 EPSS
Exploits 1 · References 1
OSSF Malicious Packages
added 2025/01/29 10:46 a.m. · 2 views

Malicious code in digitalexp-datasource-definitions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36663c1c097e4ad0179af75313622f87a6e8b4c1ccd10cf2d93e5a505e4c2985 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/01/20 7:34 a.m. · 3 views

Malicious code in emoji-datasource-google-blob (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3653a56d9d36fb380b98090ef118578ceed822d7bb1ab1a62d6a18fba5ed5b2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
OSV
added 2025/01/14 6:31 p.m. · 6 views

GHSA-8CVQ-3JJP-PH9P Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

5.9 CVSS · 5.6 AI score · 0.00053 EPSS
Exploits 0 · References 4
Cvelist
added 2025/01/14 4:13 p.m. · 10 views

CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

0.00053 EPSS
Exploits 0 · References 1
CVE
added 2025/01/14 4:13 p.m. · 57 views

CVE-2024-45627

Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...

5.9 CVSS · 6.3 AI score · 0.00053 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/14 4:13 p.m. · 10 views

CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

6.7 AI score · 0.00053 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/14 12:0 a.m. · 1 views

Apache Linkis Security Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

5.9 CVSS · 6.7 AI score · 0.00053 EPSS
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/01/02 2:17 a.m. · 2 views

Malicious code in grafana-sentry-datasource (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f64ac119461c222b3a037a8fb79c1239e05e03cbce16d87f17ce6f1bb3a857a7 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
OSV
added 2025/01/02 2:17 a.m. · 2 views

MAL-2025-43 Malicious code in grafana-sentry-datasource (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f64ac119461c222b3a037a8fb79c1239e05e03cbce16d87f17ce6f1bb3a857a7 Any computer that has this package install...

7 AI score
Exploits 0 · References 3
Oracle linux
added 2024/11/20 12:0 a.m. · 19 views

grafana-pcp security update

5.1.1-9 - Resolves: RHEL-57932 5.1.1-8 - Add a premade uwsgi dashboard for the vector datasource...

7.5 CVSS · 8.5 AI score · 0.00306 EPSS
Exploits 0
NVD
added 2024/11/04 2:15 p.m. · 13 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5 CVSS · 0.00204 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/11/04 12:0 a.m. · 2 views

PT-2024-34622 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: AppSmith Community versions 1.8.3 through 1.46 Description: The issue allows for Server-Side Request Forgery (SSRF) via the New DataSource feature for application/json requests to the IP address 169.254.169.254, which is used to retrieve AWS...

8.5 CVSS · 6.9 AI score · 0.00204 EPSS
Exploits 1 · References 13
Cvelist
added 2024/11/04 12:0 a.m. · 14 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5 CVSS · 0.00204 EPSS
Exploits 1 · References 3