Lucene search
+L

226 matches found

Prion
Prion
added 2023/01/31 10:15 a.m.20 views

Code injection

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

4CVSS6.2AI score0.01161EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/31 10:15 a.m.22 views

Deserialization of untrusted data

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

6.5CVSS8.9AI score0.01949EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/01/31 9:40 a.m.40 views

CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.3AI score0.01161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/31 9:40 a.m.8 views

CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.2AI score0.01161EPSS
Exploits0References1
OSV
OSV
added 2023/01/31 9:40 a.m.16 views

CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.5CVSS6.7AI score0.01161EPSS
Exploits0References3
CVE
CVE
added 2023/01/31 9:40 a.m.75 views

CVE-2022-44644

CVE-2022-44644 — Apache Linkis local file read vulnerability . Affected: Apache Linkis

6.5CVSS6.2AI score0.01161EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/01/31 9:38 a.m.53 views

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

9.2AI score0.01949EPSS
Exploits0References1
OSV
OSV
added 2023/01/31 9:38 a.m.16 views

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

8.8CVSS6.6AI score0.01949EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/31 9:38 a.m.9 views

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

8.9AI score0.01949EPSS
Exploits0References1
CVE
CVE
added 2023/01/31 9:38 a.m.73 views

CVE-2022-44645

CVE-2022-44645 affects Apache Linkis

8.8CVSS8.9AI score0.01949EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.5 views

Apache Linkis 代码问题漏洞

Apache Linkis is a middleware product from the Apache Foundation that establishes an effective connection between upper-tier applications and the underlying data engine. A code issue vulnerability exists in Apache Linkis 1.3.0 and prior versions, which stems from a deserialization vulnerability...

8.8CVSS8.7AI score0.01949EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.5 views

Apache Linkis 输入验证错误漏洞

Apache Linkis is a middleware product from the Apache Foundation that establishes an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis 1.3.0 and earlier versions, which can be exploited by an...

6.5CVSS6.7AI score0.01161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/31 12:0 a.m.17 views

PT-2023-1346 · Apache +1 · Apache Linkis +1

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions prior to 1.3.1 Description: The issue is related to insufficient protection of service data when handling the allowLoadLocalInfile parameter with a value of true in the MySQL Connector/J component of Apache Linkis. This...

6.8CVSS6.2AI score0.01161EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.6 views

PT-2022-6257 · Apache +1 · Apache Linkis +1

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 and earlier Description: A deserialization vulnerability exists in Apache Linkis when used with the MySQL Connector/J, allowing for possible remote code execution impact. This occurs when an attacker has write...

10CVSS8.8AI score0.01949EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2022/10/31 12:0 a.m.7 views

The vulnerability of the Apache Linkis application connection, management, and orchestration software lies in the recovery of unreliable data in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Apache Linkis application programming interface for connecting, managing, and orchestrating applications is related to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8AI score0.01747EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2022/10/27 3:5 a.m.27 views

Remote Code Execution (RCE)

linkis-entrance is vulnerable to remote code execution. The vulnerability exists in the onProgressUpdate function of QueryPersistenceManager.java, allowing an attacker to inject and execute malicious query parameters when an attacker has write access to the database and configures a JDBC EC with ...

8.8CVSS8.9AI score0.01747EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/10/26 7:0 p.m.30 views

GHSA-3F3W-GMQF-4HJ3 Apache Linkis subject to Remote Code Execution via deserialization

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS8.8AI score0.01747EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/10/26 7:0 p.m.28 views

Apache Linkis subject to Remote Code Execution via deserialization

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS8.7AI score0.01747EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/10/26 4:15 p.m.35 views

CVE-2022-39944

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS0.01747EPSS
Exploits0References1
Prion
Prion
added 2022/10/26 4:15 p.m.21 views

Deserialization of untrusted data

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

6.5CVSS8.9AI score0.01747EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder