In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.
History

Tue, 22 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-04-10T07:37:29.383Z

Updated: 2024-10-22T15:21:53.575Z

Reserved: 2023-04-03T15:04:14.339Z

Link: CVE-2023-29216

cve-icon Vulnrichment

Updated: 2024-08-02T14:00:15.897Z

cve-icon NVD

Status : Modified

Published: 2023-04-10T08:15:07.290

Modified: 2024-10-22T16:35:10.780

Link: CVE-2023-29216

cve-icon Redhat

No data.