Lucene search
ApacheVULNRICHMENT:CVE-2023-46801HistoryJul 15, 2024 - 7:55 a.m.
CVE-2023-46801 Apache Linkis DataSource: DataSource Remote code execution vulnerability
2024-07-1507:55:29
CWE-502
apache
github.com
2
apache linkis
remote code execution
data source
java
deserialization
cve-2023-46801
mysql
vulnerability
authorized account
upgrade
AI Score
7.8
Confidence
Low
EPSS
0.001
Percentile
39.9%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute them.
This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. We recommend that users upgrade the java version to >= 1.8.0_241. Or users upgrade Linkis to version 1.6.0.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "linkis",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.6.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
CVE-2023-46801
2024-07-15 08:15:02
cvelist
cvelist
osv
osv
CVE-2023-46801
2024-07-15 08:15:02
Apache Linkis DataSource remote code execution vulnerability
2024-07-15 09:36:22
veracode
veracode
Remote Code Execution (RCE)
2024-07-16 05:00:34
github
github
Apache Linkis DataSource remote code execution vulnerability
2024-07-15 09:36:22
cve
cve
CVE-2023-46801
2024-07-15 08:15:02
AI Score
7.8
Confidence
Low
EPSS
0.001
Percentile
39.9%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2023-46801