In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.
History

Tue, 22 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-04-10T07:35:23.690Z

Updated: 2024-10-22T15:27:46.240Z

Reserved: 2023-04-03T14:49:09.555Z

Link: CVE-2023-29215

cve-icon Vulnrichment

Updated: 2024-08-02T14:00:15.874Z

cve-icon NVD

Status : Modified

Published: 2023-04-10T08:15:07.237

Modified: 2024-11-21T07:56:43.840

Link: CVE-2023-29215

cve-icon Redhat

No data.