Apache

Linkis

16 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.06%
  • Published 14.01.2025 17:15:17
  • Last modified 13.05.2025 21:32:24

In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefor...

  • EPSS 0.2%
  • Published 25.09.2024 01:15:40
  • Last modified 16.05.2025 20:27:25

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes t...

  • EPSS 0.23%
  • Published 02.08.2024 10:16:00
  • Last modified 27.03.2025 16:15:22

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes th...

  • EPSS 0.19%
  • Published 02.08.2024 10:15:59
  • Last modified 03.06.2025 21:22:14

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.

  • EPSS 0.17%
  • Published 15.07.2024 08:15:02
  • Last modified 14.03.2025 16:15:27

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC ...

  • EPSS 2.95%
  • Published 15.07.2024 08:15:02
  • Last modified 21.11.2024 08:29:20

In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files int...

  • EPSS 0.39%
  • Published 15.07.2024 08:15:02
  • Last modified 27.03.2025 16:15:20

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be b...

  • EPSS 0.13%
  • Published 06.03.2024 14:15:47
  • Last modified 07.05.2025 15:46:18

In Apache Linkis <=1.4.0, the password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0.

  • EPSS 0.24%
  • Published 10.04.2023 08:15:07
  • Last modified 21.11.2024 07:53:14

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1...

  • EPSS 0.1%
  • Published 10.04.2023 08:15:07
  • Last modified 21.11.2024 07:53:52

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrad...