Lucene search
+L

226 matches found

OSV
OSV
added 2023/04/10 7:36 a.m.19 views

CVE-2023-27602 Apache Linkis publicsercice module unrestricted upload of file

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

9.8CVSS7.2AI score0.01996EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/04/10 7:35 a.m.46 views

CVE-2023-29215 Apache Linkis JDBC EngineCon has a deserialization command execution

In Apache Linkis =1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC...

10AI score0.0212EPSS
Exploits0References2
CVE
CVE
added 2023/04/10 7:35 a.m.58 views

CVE-2023-29215

Affected software : Apache Linkis 1.3.1 and earlier (<= 1.3.1;

9.8CVSS9.8AI score0.0212EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/10 7:35 a.m.15 views

CVE-2023-29215 Apache Linkis JDBC EngineCon has a deserialization command execution

In Apache Linkis =1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC...

8AI score0.0212EPSS
Exploits0References2
OSV
OSV
added 2023/04/10 7:35 a.m.22 views

CVE-2023-29215 Apache Linkis JDBC EngineCon has a deserialization command execution

In Apache Linkis =1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC...

9.8CVSS7.5AI score0.0212EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.7 views

Apache Linkis 加密问题漏洞

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and earlier versions have a weak algorithmic vulnerability that stems from an oversimplified default token generated during Linkis Gateway...

9.1CVSS6.8AI score0.00811EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.6 views

Apache Linkis 路径遍历漏洞

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A directory traversal vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from the Manager module not checking the zip path when uploading...

9.8CVSS7.9AI score0.01808EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.10 views

Apache Linkis 代码问题漏洞

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. An arbitrary file upload vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from the PublicService module uploading files without restrictio...

9.8CVSS7.8AI score0.01996EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-21244 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue is related to a Zip Slip problem in the Manager module engineConn material upload, which does not check the zip path. This can lead to a potential RCE vulnerability...

9.8CVSS7AI score0.01808EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-2446 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 through 1.3.1 Description: The issue is related to the lack of effective filtering of parameters in Apache Linkis, which can lead to a deserialization vulnerability. This vulnerability can be triggered by an...

10CVSS8AI score0.0212EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.26 views

Apache Linkis 代码问题漏洞

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A code execution vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from a lack of valid filtered parameters, and can be exploited by an...

9.8CVSS8.4AI score0.0212EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.7 views

Apache Linkis 代码问题漏洞

Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and prior versions suffer from a deserialization vulnerability that stems from a parameter that lacks a valid filter, which can be exploited by an...

9.8CVSS8AI score0.0212EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/02/13 12:0 a.m.9 views

The vulnerability of the MySQL Connector/J component of the Apache Linkis application connection, management, and orchestration software allows a hacker to execute arbitrary code.

The vulnerability of the MySQL Connector/J component of the Apache Linkis application programming interface, which is responsible for connecting, managing, and orchestrating applications, relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker ...

10CVSS8AI score0.01949EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/10 12:0 a.m.12 views

The vulnerability of the MySQL Connector/J component of the Apache Linkis application connection, management, and orchestration software allows a hacker to gain read access to arbitrary files.

The vulnerability of the MySQL Connector/J component of the Apache Linkis application programming interface, which involves connection management and orchestration, stems from insufficient protection of sensitive data when processing the AllowLoadLocalInfile parameter with a value of true...

6.8CVSS6.7AI score0.01161EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/31 12:30 p.m.27 views

Apache Linkis vulnerable to Exposure of Sensitive Information

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of...

6.5CVSS6AI score0.01161EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/31 12:30 p.m.30 views

Apache Linkis contains Deserialization of Untrusted Data

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

8.8CVSS8.8AI score0.01949EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/31 12:30 p.m.19 views

GHSA-H6W8-52MQ-4QXC Apache Linkis contains Deserialization of Untrusted Data

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

8.8CVSS8.9AI score0.01949EPSS
Exploits0References3
OSV
OSV
added 2023/01/31 12:30 p.m.31 views

GHSA-RX76-XW35-6RH8 Apache Linkis vulnerable to Exposure of Sensitive Information

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of...

6.5CVSS6.1AI score0.01161EPSS
Exploits0References3
NVD
NVD
added 2023/01/31 10:15 a.m.40 views

CVE-2022-44645

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

8.8CVSS8.9AI score0.01949EPSS
Exploits0References1
NVD
NVD
added 2023/01/31 10:15 a.m.33 views

CVE-2022-44644

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.5CVSS6.2AI score0.01161EPSS
Exploits0References1
Rows per page
Query Builder