In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.  We recommend users upgrade the version of Linkis to version 1.3.1
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-01-31T09:40:52.676Z

Updated: 2024-08-03T13:54:03.937Z

Reserved: 2022-11-03T08:44:03.767Z

Link: CVE-2022-44644

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-31T10:15:09.233

Modified: 2023-11-07T03:54:22.980

Link: CVE-2022-44644

cve-icon Redhat

No data.