GHSA-rrhf-32rq-f28h: Apache Linkis DatasourceManager module has deserialization vulnerability
In Apache Linkis <=1.3.1, data source parameters are not effectively filtered, so an attacker can configure a new MySQL data source with malicious parameters to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade Linkis to version 1.3.2.
High severity • GitHub Reviewed • Published Apr 10, 2023 to the GitHub Advisory Database • Updated Apr 10, 2023
Related news
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.
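For deployments that accept user-defined MySQL data sources, the missing parameter filtering described in the advisory can be addressed with an allowlist, shown here as an added example that is not Linkis's own fix. The class name, the allowlisted keys, the value patterns and the sample host are assumptions; the advisory does not name the parameters involved.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;

public class JdbcParamFilter {
    // Assumption: the only driver properties this deployment lets users set.
    private static final Set<String> ALLOWED_KEYS = Set.of(
            "useSSL", "characterEncoding", "connectTimeout", "socketTimeout", "serverTimezone");
    // No '&', '?', '=', '%', '#' or whitespace: a value cannot carry a second or encoded parameter.
    private static final Pattern SAFE_VALUE = Pattern.compile("[A-Za-z0-9_./:+-]{1,64}");
    private static final Pattern SAFE_HOST = Pattern.compile("[A-Za-z0-9.-]{1,253}");
    private static final Pattern SAFE_DB = Pattern.compile("[A-Za-z0-9_]{1,64}");

    /** Copies allowlisted parameters into Properties; throws on anything else. */
    static Properties filter(Map<String, String> userParams) {
        Properties props = new Properties();
        for (Map.Entry<String, String> e : userParams.entrySet()) {
            String key = e.getKey();
            String value = e.getValue();
            if (key == null || !ALLOWED_KEYS.contains(key)) {
                throw new IllegalArgumentException("connection parameter not allowed: " + key);
            }
            if (value == null || !SAFE_VALUE.matcher(value).matches()) {
                throw new IllegalArgumentException("unsafe value for parameter: " + key);
            }
            props.setProperty(key, value);
        }
        return props;
    }
    /** Builds the URL from validated parts only; user parameters never enter the URL string. */
    static String buildUrl(String host, int port, String database) {
        if (host == null || !SAFE_HOST.matcher(host).matches() || port < 1 || port > 65535
                || database == null || !SAFE_DB.matcher(database).matches()) {
            throw new IllegalArgumentException("invalid host, port or database name");
        }
        return "jdbc:mysql://" + host + ":" + port + "/" + database;
    }
    public static void main(String[] args) {
        // Constructed sample input, not taken from the advisory.
        Map<String, String> params = new HashMap<>(Map.of("characterEncoding", "UTF-8"));
        System.out.println(buildUrl("db.example.internal", 3306, "linkis") + " " + filter(params));
        params.put("autoDeserialize", "true"); // real Connector/J property, not on the allowlist
        try {
            filter(params);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Passing the filtered `Properties` to `DriverManager.getConnection(url, props)` keeps user input out of the URL string, so nothing a user supplies is parsed as part of the connection URL.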