Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Linkis Security Vulnerabilities - 2023

cve
cve

CVE-2022-44644

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should b...

6.5CVSS

6.1AI Score

0.0005EPSS

2023-01-31 10:15 AM
36
cve
cve

CVE-2022-44645

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the paramet...

8.8CVSS

8.8AI Score

0.003EPSS

2023-01-31 10:15 AM
35
cve
cve

CVE-2023-27602

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properti...

9.8CVSS

9.4AI Score

0.027EPSS

2023-04-10 08:15 AM
28
cve
cve

CVE-2023-27603

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.

9.8CVSS

9.4AI Score

0.016EPSS

2023-04-10 08:15 AM
34
cve
cve

CVE-2023-27987

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify...

9.1CVSS

9.2AI Score

0.005EPSS

2023-04-10 08:15 AM
28
2
cve
cve

CVE-2023-29215

In Apache Linkis <=1.3.1, due to the lack of effective filteringof parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger adeserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC ...

9.8CVSS

9.7AI Score

0.024EPSS

2023-04-10 08:15 AM
24
cve
cve

CVE-2023-29216

In Apache Linkis <=1.3.1, because the parameters are noteffectively filtered, the attacker uses the MySQL data source and malicious parameters toconfigure a new data source to trigger a deserialization vulnerability, eventually leading toremote code execution.Versions of Apache Linkis <= 1.3....

9.8CVSS

9.4AI Score

0.024EPSS

2023-04-10 08:15 AM
46