14 matches found
CVE-2024-39928
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
GHSA-6GCH-63WP-4V5F Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928 Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928
Summary of CVE-2024-39928 (Apache Linkis Spark EngineConn) Affected software: Apache Linkis Spark EngineConn in versions up to 1.5.0 (engine component referenced as EngineConn/Spark EngineConn). Vulnerability: Random string generation for Py4j token uses Commons Lang’s RandomStringUtils, enabling...
CVE-2024-39928 Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
PT-2024-28740 · Apache · Spark Engineconn +2
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 through 1.5.0 Description: A Random string security vulnerability exists in Spark EngineConn, where the random string generated by the Token when starting Py4j uses Commons Lang's RandomStringUtils. Recommendation...
Apache Linkis Code Execution Vulnerability (CNVD-2023-80566)
Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A code execution vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from a lack of valid filtered parameters, and can be exploited by an...
Apache Linkis JDBC EngineConn has deserialization vulnerability
In Apache Linkis =1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EngineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC U...
GHSA-QM2H-M799-86RC Apache Linkis JDBC EngineConn has deserialization vulnerability
In Apache Linkis =1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EngineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC U...
CVE-2023-27603 Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue
In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...
CVE-2022-39944 The Apache Linkis JDBC EngineConn module has a RCE Vulnerability
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...