CVE-2023-49566 Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

CVE-2023-46801 Apache Linkis DataSource: DataSource Remote code execution vulnerability

In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...

CVE-2023-41916 Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

CVE-2023-41916

CVE-2023-41916 affects Apache Linkis DataSource Manager: inadequate filtering of parameters allows an authorized attacker to configure malicious MySQL JDBC parameters and trigger arbitrary file reads in Linkis

PT-2024-4766 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis version 1.4.0 Description: The issue is related to the lack of effective filtering of parameters in the DataSource Manager Module of Apache Linkis, allowing an attacker to configure malicious Mysql JDBC parameters and trigger...

PT-2024-5102 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.5.0 Description: The issue is related to the lack of effective filtering of parameters in the DataSource Manager Module of Apache Linkis. This allows an attacker to configure malicious db2 parameters, resulting in jn...

Malicious code in falcor-datasource-chainer (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2356 Malicious code in falcor-datasource-chainer (npm)

--- -= Per source details. Do not edit below this line.=-...

SUSE CVE-2022-23498

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user's session. To mitigate the...

SUSE CVE-2022-29170

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn't call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...

GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting

Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...

GHSA-299Q-3P96-5898 Apache Superset Incorrect Authorization vulnerability

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

Apache Superset Incorrect Authorization vulnerability

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVE-2024-28148

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

PT-2024-22297 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.1.2 Description: An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. Recommendations: For versions prior to...

[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40

The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources. Commons Configuration provides typed access to single, and multi-valued configuration parameters as demonstrated by the...

GHSA-M757-P8RV-4Q93 Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

CVE-2023-50740 Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...