CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obta...

EUVD-2025-25712

Malicious code in bioql PyPI...

CVE-2025-57773 Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...

PT-2025-34683

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.12 Description: DataEase is an open source business intelligence and data visualization tool. Due to insufficient filtering of DB2 parameters, a JNDI injection attack can be launched, triggering an AspectJWeave...

JNDI Injection

org.apache.linkis: linkis-common is vulnerable to JNDI Injection. The vulnerability is due to insufficient filtering of db2 parameters, allowing an attacker with access to an authorized Linkis account to configure malicious parameters in the DataSource Manager Module which results in JNDI Injecti...