Maven package
org.apache.linkis/linkis-datasource
pkg:maven/org.apache.linkis/linkis-datasource
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-49566 | — | | | < 1.6.0 | 1.6.0 | Jul 15, 2024 | In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requ |
| CVE-2023-46801 | — | | | >= 1.4.0, < 1.6.0 | 1.6.0 | Jul 15, 2024 | In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute them. |
| CVE-2023-41916 | — | | | >= 1.4.0, < 1.6.0 | 1.6.0 | Jul 15, 2024 | In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Thi |
| CVE-2023-29216 | — | | | < 1.3.2 | 1.3.2 | Apr 10, 2023 | In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apa |