193 matches found
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...
CVE-2023-50740
In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...
Design/Logic Flaw
In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...
CVE-2023-50740 Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...
CVE-2023-50740 Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...
CVE-2023-50740
CVE-2023-50740 affects Apache Linkis
PT-2023-8820 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.4.0 Description: The issue is related to insufficient protection of registration data in Apache Linkis, which may allow a remote attacker to gain unauthorized access to protected information. Specifically, when using...
GHSA-4X5H-XMV4-99WX Apache Linkis Authentication Bypass vulnerability
In Apache Linkis =1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...
GHSA-PJ5J-W7MW-W797 Apache Linkis Zip Slip issue
In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...
GHSA-X84R-JRQM-3HJ8 Apache Linkis Unrestricted File Upload vulnerability
In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...
Apache Linkis Authentication Bypass vulnerability
In Apache Linkis =1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...
Apache Linkis Unrestricted File Upload vulnerability
In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...
The vulnerability of the Apache Linkis application connection, management, and orchestration software lies in the recovery of unreliable data in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Apache Linkis application connection, management, and orchestration software is related to the lack of effective parameter filtering. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Remote Code Execution (RCE)
org.apache.linkis:linkis-common is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied zip paths in ZipUtils.scala allows an attacker to upload and execute malicious code on the system...
Arbitrary File Upload
org.apache.linkis:linkis-storage-script-dev-server is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate the uploaded file paths, and file types, allowing an attacker to bypass restrictions and upload malicious files to the server...
Remote Code Execution (RCE)
org.apache.linkis:linkis-datasource is vulnerable to Remote Code Execution RCE. A remote attacker is able to upload and execute malicious code on the system, using MySQL data source and malicious parameters to configure a new data source which triggers insecure deserialization...
Apache Linkis Directory Traversal Vulnerability
Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A directory traversal vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from the Manager module not checking the zip path when uploading...
Apache Linkis Arbitrary File Upload Vulnerability
Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. An arbitrary file upload vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from the PublicService module uploading files without restrictio...
Apache Linkis Deserialization Vulnerability
Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and prior versions suffer from a deserialization vulnerability that stems from a parameter that lacks a valid filter, which can be exploited by an...
Apache Linkis Weak Algorithm Vulnerability
Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and earlier versions have a weak algorithmic vulnerability that stems from an oversimplified default token generated during Linkis Gateway...