Linkis Security Vulnerabilities and Issues — Linkis CVE List

Lucene search

ApacheLinkis

5 matches found

CVE•added 2023/04/10 8:15 a.m.•64 views

CVE-2023-29216

In Apache Linkis <=1.3.1, because the parameters are noteffectively filtered, the attacker uses the MySQL data source and malicious parameters toconfigure a new data source to trigger a deserialization vulnerability, eventually leading toremote code execution.Versions of Apache Linkis

9.8CVSS9.4AI score0.03106EPSS

CVE•added 2023/04/10 8:15 a.m.•54 views

CVE-2023-27602

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions

9.8CVSS9.5AI score0.00358EPSS

CVE•added 2023/04/10 8:15 a.m.•48 views

CVE-2023-27603

In Apache Linkis

9.8CVSS9.5AI score0.0024EPSS

CVE•added 2023/04/10 8:15 a.m.•42 views

CVE-2023-27987

In Apache Linkis

9.1CVSS9.2AI score0.00096EPSS

CVE•added 2023/04/10 8:15 a.m.•42 views

CVE-2023-29215

In Apache Linkis <=1.3.1, due to the lack of effective filteringof parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger adeserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC ...

9.8CVSS9.8AI score0.03106EPSS