In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.

We recommend users to upgrade the version of Linkis to version 1.3.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 27 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-03-27T14:35:59.646Z

Reserved: 2022-11-03T08:45:25.305Z

Link: CVE-2022-44645

cve-icon Vulnrichment

Updated: 2024-08-03T13:54:03.985Z

cve-icon NVD

Status : Modified

Published: 2023-01-31T10:15:10.153

Modified: 2025-03-27T15:15:38.180

Link: CVE-2022-44645

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.