16 matches found
CVE-2024-45627
In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...
GHSA-8CVQ-3JJP-PH9P Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability
Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...
CVE-2024-45627
In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...
CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability
In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...
GHSA-JJVC-V8GW-5255 Apache Linkis DataSource remote code execution vulnerability
In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...
GHSA-F22J-9J59-33J4 Apache Linkis DataSource allows arbitrary file reading
In Apache Linkis = 1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...
CVE-2023-46801
In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...
CVE-2023-46801
In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...
CVE-2023-41916
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...
CVE-2023-46801
Apache Linkis vulnerable to remote code execution in the DataSource MySQL handler for versions = 1.8.0_241 and/or upgrade Linkis to version 1.6.0. If upgrading is not immediately possible, validate and restrict JRMP usage and account privileges to reduce exposure. If exploitation details are not ...
CVE-2023-46801 Apache Linkis DataSource: DataSource Remote code execution vulnerability
In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...
CVE-2023-46801 Apache Linkis DataSource: DataSource Remote code execution vulnerability
In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...
CVE-2023-41916
CVE-2023-41916 affects Apache Linkis DataSource Manager: inadequate filtering of parameters allows an authorized attacker to configure malicious MySQL JDBC parameters and trigger arbitrary file reads in Linkis
PT-2024-5102 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.5.0 Description: The issue is related to the lack of effective filtering of parameters in the DataSource Manager Module of Apache Linkis. This allows an attacker to configure malicious db2 parameters, resulting in jn...
PT-2024-5100 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions = 1.8.0 241. For Apache Linkis versions = 1.5.0, upgrade Linkis to version 1.6.0...
K29146534: SSB Variant 4 vulnerability CVE-2018-3639
Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...