org.apache.linkis:linkis-datasource
Maven4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.linkis:linkis-datasourcepage 1 of 1
- CVE-2023-29216CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.3.22023-04-10
vulnerable: 1.1.0 ... 1.3.1 (7 versions)
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading t…
- CVE-2023-41916MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.6.02024-07-15
vulnerable: 1.4.0, 1.5.0
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the…
- CVE-2023-46801HIGHCVSS 8.8EG 8.8✓ Fixed in 1.6.02024-07-15
vulnerable: 1.4.0, 1.5.0
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject maliciou…
- CVE-2023-49566HIGHCVSS 8.8EG 8.8✓ Fixed in 1.6.02024-07-15
vulnerable: 1.1.0 ... 1.5.0 (10 versions)
In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL…
Check whether org.apache.linkis:linkis-datasource is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.linkis:linkis-datasource CVEs against the assets you own.
Start Free Scan →