GHSA-8CVQ-3JJP-PH9P Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

CVE-2024-45627

Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...

CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

GHSA-7QPC-4XX9-X5QW Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filteringof parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtai...

CVE-2023-49566 Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...