Lucene search
K

193 matches found

Github Security Blog
Github Security Blog
added 2024/03/06 3:31 p.m.22 views

Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

5.3CVSS5.2AI score0.00901EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/03/06 2:15 p.m.26 views

CVE-2023-50740

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

5.3CVSS6.4AI score0.00901EPSS
Exploits0References2
Prion
Prion
added 2024/03/06 2:15 p.m.23 views

Design/Logic Flaw

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

7AI score0.00901EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/06 1:44 p.m.30 views

CVE-2023-50740 Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

6.7AI score0.00901EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 1:44 p.m.2 views

CVE-2023-50740 Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

5.3CVSS6AI score0.00901EPSS
Exploits0References5
CVE
CVE
added 2024/03/06 1:44 p.m.77 views

CVE-2023-50740

CVE-2023-50740 affects Apache Linkis

5.3CVSS5.2AI score0.00901EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.3 views

PT-2023-8820 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.4.0 Description: The issue is related to insufficient protection of registration data in Apache Linkis, which may allow a remote attacker to gain unauthorized access to protected information. Specifically, when using...

7.8CVSS7.4AI score0.00901EPSS
Exploits0References11
OSV
OSV
added 2023/07/06 7:24 p.m.22 views

GHSA-4X5H-XMV4-99WX Apache Linkis Authentication Bypass vulnerability

In Apache Linkis =1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...

9.1CVSS9.2AI score0.00811EPSS
Exploits0References5
OSV
OSV
added 2023/07/06 7:24 p.m.20 views

GHSA-PJ5J-W7MW-W797 Apache Linkis Zip Slip issue

In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...

9.8CVSS9.4AI score0.01808EPSS
Exploits0References4
OSV
OSV
added 2023/07/06 7:24 p.m.17 views

GHSA-X84R-JRQM-3HJ8 Apache Linkis Unrestricted File Upload vulnerability

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

9.8CVSS9.4AI score0.01996EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.21 views

Apache Linkis Authentication Bypass vulnerability

In Apache Linkis =1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...

9.1CVSS6.8AI score0.00811EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.21 views

Apache Linkis Unrestricted File Upload vulnerability

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

9.8CVSS6.8AI score0.01996EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/25 12:0 a.m.7 views

The vulnerability of the Apache Linkis application connection, management, and orchestration software lies in the recovery of unreliable data in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Apache Linkis application connection, management, and orchestration software is related to the lack of effective parameter filtering. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.0212EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2023/04/18 8:52 a.m.26 views

Remote Code Execution (RCE)

org.apache.linkis:linkis-common is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied zip paths in ZipUtils.scala allows an attacker to upload and execute malicious code on the system...

9.8CVSS9.6AI score0.01808EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/04/18 8:19 a.m.17 views

Arbitrary File Upload

org.apache.linkis:linkis-storage-script-dev-server is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate the uploaded file paths, and file types, allowing an attacker to bypass restrictions and upload malicious files to the server...

9.8CVSS9AI score0.01996EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2023/04/12 6:52 a.m.18 views

Remote Code Execution (RCE)

org.apache.linkis:linkis-datasource is vulnerable to Remote Code Execution RCE. A remote attacker is able to upload and execute malicious code on the system, using MySQL data source and malicious parameters to configure a new data source which triggers insecure deserialization...

9.8CVSS9.5AI score0.0212EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2023/04/12 12:0 a.m.8 views

Apache Linkis Directory Traversal Vulnerability

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A directory traversal vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from the Manager module not checking the zip path when uploading...

9.8CVSS7.4AI score0.01808EPSS
Exploits0References1
CNVD
CNVD
added 2023/04/12 12:0 a.m.11 views

Apache Linkis Arbitrary File Upload Vulnerability

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. An arbitrary file upload vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from the PublicService module uploading files without restrictio...

9.8CVSS7.4AI score0.01996EPSS
Exploits0References1
CNVD
CNVD
added 2023/04/12 12:0 a.m.9 views

Apache Linkis Deserialization Vulnerability

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and prior versions suffer from a deserialization vulnerability that stems from a parameter that lacks a valid filter, which can be exploited by an...

9.8CVSS7.5AI score0.0212EPSS
Exploits0References1
CNVD
CNVD
added 2023/04/12 12:0 a.m.8 views

Apache Linkis Weak Algorithm Vulnerability

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and earlier versions have a weak algorithmic vulnerability that stems from an oversimplified default token generated during Linkis Gateway...

9.1CVSS6.6AI score0.00811EPSS
Exploits0References1
Rows per page
Query Builder