193 matches found
CVE-2025-59355
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...
CVE-2025-29847
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.2 <=1.2.2), com.webank.wedatasphere.dss:dss-apiservice-server (>=1.1.2 <=1.2.2) +166 more potentially affected by CVE-2025-29847 via org.apache.linkis:linkis-common (>=1.3.0 <=1.8.0)
org.apache.linkis:linkis-common MAVEN version =1.3.0, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.2.2 and more Source cves: CVE-2025-29847 Source advisory: SNYK:JAVA-ORGAPACHELINKIS-15035881https://vulners.com/snyk...
Apache Linkis: Password Exposure
When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will b...
GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...
CVE-2025-29847
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...
CVE-2025-29847
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...
CVE-2025-59355 Apache Linkis: Password Exposure
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...
CVE-2025-29847
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...
CVE-2025-29847
CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...
CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...
Apache Linkis security vulnerabilities
Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis 1.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem fr...
CVE-2023-29215
In Apache Linkis =1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC...
CVE-2023-49566
In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obta...
EUVD-2024-2332
Malicious code in bioql PyPI...
EUVD-2023-1378
Malicious code in bioql PyPI...
EUVD-2024-0960
Malicious code in bioql PyPI...
EUVD-2023-2177
Malicious code in bioql PyPI...
EUVD-2023-1393
Malicious code in bioql PyPI...