74 matches found
CVE-2022-44644
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
Code injection
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
Deserialization of untrusted data
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644
CVE-2022-44644 — Apache Linkis local file read vulnerability . Affected: Apache Linkis
CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645
CVE-2022-44645 affects Apache Linkis
PT-2023-1346 · Apache +1 · Apache Linkis +1
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions prior to 1.3.1 Description: The issue is related to insufficient protection of service data when handling the allowLoadLocalInfile parameter with a value of true in the MySQL Connector/J component of Apache Linkis. This...
OESA-2022-2076 mysql-connector-java security update
MySQL Connector/J is a native Java driver that converts JDBC Java Database Connectivity calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate...
Apache Linkis subject to Remote Code Execution via deserialization
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
GHSA-3F3W-GMQF-4HJ3 Apache Linkis subject to Remote Code Execution via deserialization
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
CVE-2022-39944
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
Deserialization of untrusted data
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
CVE-2022-39944 The Apache Linkis JDBC EngineConn module has a RCE Vulnerability
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
CVE-2022-39944
Summary: CVE-2022-39944 affects Apache Linkis <= 1.2.0 when used with MySQL Connector/J, enabling a deserialization vulnerability that can lead to remote code execution if an attacker has write access to a database and provides malicious parameters in a JDBC EC with a MySQL data source. The is...
CVE-2022-39944 The Apache Linkis JDBC EngineConn module has a RCE Vulnerability
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
mysql-connector-java: unauthorized access to critical
MySQL Connector/J has no security check when external general entities are included in XML sources, consequently, there exists an XML External EntityXXE vulnerability. A successful attack can access critical data and gain full control/access to all MySQL Connectors' accessible data without any...
mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...