226 matches found
Code injection
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
Deserialization of untrusted data
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644
CVE-2022-44644 — Apache Linkis local file read vulnerability . Affected: Apache Linkis
CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645
CVE-2022-44645 affects Apache Linkis
Apache Linkis 代码问题漏洞
Apache Linkis is a middleware product from the Apache Foundation that establishes an effective connection between upper-tier applications and the underlying data engine. A code issue vulnerability exists in Apache Linkis 1.3.0 and prior versions, which stems from a deserialization vulnerability...
Apache Linkis 输入验证错误漏洞
Apache Linkis is a middleware product from the Apache Foundation that establishes an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis 1.3.0 and earlier versions, which can be exploited by an...
PT-2023-1346 · Apache +1 · Apache Linkis +1
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions prior to 1.3.1 Description: The issue is related to insufficient protection of service data when handling the allowLoadLocalInfile parameter with a value of true in the MySQL Connector/J component of Apache Linkis. This...
PT-2022-6257 · Apache +1 · Apache Linkis +1
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 and earlier Description: A deserialization vulnerability exists in Apache Linkis when used with the MySQL Connector/J, allowing for possible remote code execution impact. This occurs when an attacker has write...
The vulnerability of the Apache Linkis application connection, management, and orchestration software lies in the recovery of unreliable data in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Apache Linkis application programming interface for connecting, managing, and orchestrating applications is related to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Remote Code Execution (RCE)
linkis-entrance is vulnerable to remote code execution. The vulnerability exists in the onProgressUpdate function of QueryPersistenceManager.java, allowing an attacker to inject and execute malicious query parameters when an attacker has write access to the database and configures a JDBC EC with ...
GHSA-3F3W-GMQF-4HJ3 Apache Linkis subject to Remote Code Execution via deserialization
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
Apache Linkis subject to Remote Code Execution via deserialization
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
CVE-2022-39944
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...
Deserialization of untrusted data
In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...