In Apache Linkis <=1.3.1, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a
deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-04-10T07:35:23.690Z
Updated: 2024-10-22T15:27:46.240Z
Reserved: 2023-04-03T14:49:09.555Z
Link: CVE-2023-29215
Vulnrichment
Updated: 2024-08-02T14:00:15.874Z
NVD
Status : Modified
Published: 2023-04-10T08:15:07.237
Modified: 2024-10-22T16:35:10.597
Link: CVE-2023-29215
Redhat
No data.