Linkis Apache Linkis

Do you want an email whenever new security vulnerabilities are reported in Apache Linkis?

By the Year

In 2023 there have been 2 vulnerabilities in Apache Linkis with an average score of 7.7 out of ten. Last year Linkis had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 1.15

Year Vulnerabilities Average Score
2023 2 7.65
2022 1 8.80
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Linkis vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Linkis Security Vulnerabilities

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J

CVE-2022-44645 8.8 - High - January 31, 2023

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1.

Marshaling, Unmarshaling

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding

CVE-2022-44644 6.5 - Medium - January 31, 2023

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1

Improper Input Validation

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J

CVE-2022-39944 8.8 - High - October 26, 2022

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected, We recommend users to update to 1.3.0.

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apache Linkis or by Apache? Click the Watch button to subscribe.

Apache
Vendor

Apache Linkis
Product

subscribe