In Apache Linkis <=1.3.1, because the parameters are not
effectively filtered, the attacker uses the MySQL data source and malicious parameters to
configure a new data source to trigger a deserialization vulnerability, eventually leading to
remote code execution.
Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-04-10T07:37:29.383Z
Updated: 2024-10-22T15:21:53.575Z
Reserved: 2023-04-03T15:04:14.339Z
Link: CVE-2023-29216
Vulnrichment
Updated: 2024-08-02T14:00:15.897Z
NVD
Status : Modified
Published: 2023-04-10T08:15:07.290
Modified: 2024-11-21T07:56:43.983
Link: CVE-2023-29216
Redhat
No data.