CVE-2023-41916 Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

GHSA-RRHF-32RQ-F28H Apache Linkis DatasourceManager module has deserialization vulnerability

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their...

Apache Linkis DatasourceManager module has deserialization vulnerability

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their...

CVE-2023-29216 Apache Linkis DatasourceManager module has a deserialization command execution

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

CVE-2023-29216 Apache Linkis DatasourceManager module has a deserialization command execution

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...