7 matches found
EUVD-2023-0482
Malicious code in bioql PyPI...
EUVD-2023-2114
Malicious code in bioql PyPI...
CVE-2024-45627
In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker who configures malicious MySQL JDBC parameters in the DataSource Manager Module can read arbitrary files from the Linkis server. Therefore, the parameters in the MySQL JDBC URL should be...
CVE-2023-29216
In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...
CVE-2024-45627
Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...
Apache Linkis Elevation of Privilege Vulnerability
Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An elevation of privilege vulnerability exists in Apache Linkis, which can be exploited by an attacker to gain...
Sensitive Information Disclosure
Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information (a password) in the log statement. This potentially leads to exposure of sensitive information...