CVE-2024-45627
- EPSS 0.06%
- Published 14.01.2025 17:15:17
- Last modified 13.05.2025 21:32:24
In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker who configures malicious MySQL JDBC parameters in the DataSource Manager Module can read arbitrary files from the Linkis server. Therefor...
CVE-2024-39928
- EPSS 0.2%
- Published 25.09.2024 01:15:40
- Last modified 16.05.2025 20:27:25
In Apache Linkis <= 1.5.0, there is a random string security vulnerability in Spark EngineConn: the random string generated by the Token when starting Py4j uses Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes t...
CVE-2024-27182
- EPSS 0.23%
- Published 02.08.2024 10:16:00
- Last modified 27.03.2025 16:15:22
In Apache Linkis <= 1.5.0, arbitrary file deletion in Basic management services: a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes th...
CVE-2024-27181
- EPSS 0.19%
- Published 02.08.2024 10:15:59
- Last modified 03.06.2025 21:22:14
In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.
CVE-2023-41916
- EPSS 0.17%
- Published 15.07.2024 08:15:02
- Last modified 14.03.2025 16:15:27
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker who configures malicious MySQL JDBC parameters in the DataSource Manager Module can trigger arbitrary file reading. Therefore, the parameters in the MySQL JDBC ...
CVE-2023-46801
- EPSS 2.95%
- Published 15.07.2024 08:15:02
- Last modified 21.11.2024 08:29:20
In Apache Linkis <= 1.5.0, a remote code execution vulnerability exists in the data source management module when adding a MySQL data source, for Java versions < 1.8.0_241. The deserialization vulnerability exploited through JRMP can inject malicious files int...
CVE-2023-49566
- EPSS 0.39%
- Published 15.07.2024 08:15:02
- Last modified 27.03.2025 16:15:20
In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker who configures malicious DB2 parameters in the DataSource Manager Module can cause JNDI injection. Therefore, the parameters in the DB2 URL should be b...
CVE-2023-50740
- EPSS 0.13%
- Published 06.03.2024 14:15:47
- Last modified 07.05.2025 15:46:18
In Apache Linkis <=1.4.0, the password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0.
CVE-2023-27603
- EPSS 0.24%
- Published 10.04.2023 08:15:07
- Last modified 21.11.2024 07:53:14
In Apache Linkis <=1.3.1, the Manager module's engineConn material upload does not check the zip path. This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1...
CVE-2023-27987
- EPSS 0.1%
- Published 10.04.2023 08:15:07
- Last modified 21.11.2024 07:53:52
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrad...