JNDI Injection

org.apache.linkis: linkis-common is vulnerable to JNDI Injection. The vulnerability is due to insufficient filtering of db2 parameters, allowing an attacker with access to an authorized Linkis account to configure malicious parameters in the DataSource Manager Module which results in JNDI Injecti...

Arbitrary File Read

org.apache.linkis: linkis-common is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of effective filtering of parameters, allowing an attacker with an authorized linkis account to configure malicious MySQL JDBC parameters in the DataSource Manager Module which results in...

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

CVE-2023-41916

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

CVE-2023-49566

CVE-2023-49566 affects Apache Linkis 1.5.0 and earlier, specifically the DataSource Manager Module where DB2 URL parameters can be crafted to trigger a JNDI injection due to insufficient filtering. The attack requires an attacker with an authorized Linkis account and can enable exploitation throu...

CVE-2023-41916

CVE-2023-41916 affects Apache Linkis DataSource Manager: inadequate filtering of parameters allows an authorized attacker to configure malicious MySQL JDBC parameters and trigger arbitrary file reads in Linkis