CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

CVE-2025-59355

Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...

CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

Apache Linkis security vulnerabilities

Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis 1.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem fr...

EUVD-2023-0482

Malicious code in bioql PyPI...

EUVD-2023-2114

Malicious code in bioql PyPI...

CVE-2024-45627

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

CVE-2023-27603

In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...

CVE-2023-29216

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

CVE-2024-45627

Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...

Apache Linkis 安全漏洞

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

Apache Linkis Elevation of Privilege Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An elevation of privilege vulnerability exists in Apache Linkis, which can be exploited by an attacker to gain...

Apache Linkis 代码问题漏洞

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Apache Linkis 1.6.0 before the version of the code problem vulnerability, the vulnerability stems from the data...

Sensitive Information Disclosure

Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information password in the log statement. This potentially leads to exposure to sensitive information...

Apache Linkis 日志信息泄露漏洞

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Apache Linkis 1.4.0 and earlier versions have a log information disclosure vulnerability, the vulnerability stems...