Encoding Error

Overview org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines. Affected versions of this package are vulnerable to Encoding Error via the handlin...

com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.1 <=1.2.2), com.webank.wedatasphere.dss:dss-apiservice-server (>=1.1.0 <=1.2.2) +192 more potentially affected by CVE-2025-29847 via org.apache.linkis:linkis-common (>=1.0.3 <=1.8.0)

org.apache.linkis:linkis-common MAVEN version =1.0.3, =1.1.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.1.2, =1.0.1, =1.0.1, =1.1.0, =1.0.1, =1.0.1, =1.1.0, =1.1.0, =1.2.2 and more Source cves: CVE-2025-29847 Source advisory: SNYK:JAVA-ORGAPACHELINKIS-15035881https://vulners.com/snyk...

Arbitrary File Deletion

org.apache.linkis, linkis-common is vulnerable to Arbitrary File Deletion. The vulnerability is due to a defect in the Basic management services component which allows a user with an administrator account to delete any file accessible by the Linkis system user...

Arbitrary File Read

org.apache.linkis: linkis-common is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of effective filtering of parameters, allowing an attacker with an authorized linkis account to configure malicious MySQL JDBC parameters in the DataSource Manager Module which results in...

Remote Code Execution (RCE)

org.apache.linkis:linkis-common is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied zip paths in ZipUtils.scala allows an attacker to upload and execute malicious code on the system...