GHSA-5jfw-gq64-q45f: HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

GHSA-hrxh-9w67-g4cv: Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata

GHSA-m5vv-7jxc-8p6x: Redaxo Core CMS Cross Site Scripting (XSS)

GHSA-p7f6-8mcm-fwv3: Statamic CMS has a Path Traversal in Asset Upload

GHSA-2x2g-32r7-p4x8: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. This issue is patched in version 1.3.0, and users are recommended to upgrade.

**Apache Linkis subject to Remote Code Execution via deserialization**

Moderate severity GitHub Reviewed Published Oct 26, 2022 • Updated Oct 27, 2022

Headline

GHSA-3f3w-gmqf-4hj3: Apache Linkis subject to Remote Code Execution via deserialization

ghsa: Latest News