VYPR
High severityNVD Advisory· Published Jul 15, 2024· Updated Mar 27, 2025

Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability

CVE-2023-49566

Description

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious

db2

parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted.

This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.

Versions of Apache Linkis

<=1.5.0

will be affected. We recommend users upgrade the version of Linkis to version 1.6.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.linkis:linkis-datasourceMaven
< 1.6.01.6.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.