Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-qm2h-m799-86rc: Apache Linkis JDBC EngineConn has deserialization vulnerability

In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EngineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Users should upgrade their version of Linkis to version 1.3.2.

ghsa
Open in Source
#sql#vulnerability#apache#git#rce

Apache Linkis JDBC EngineConn has deserialization vulnerability

High severity GitHub Reviewed Published Apr 10, 2023 to the GitHub Advisory Database • Updated Apr 10, 2023

Related news

CVE-2023-29215

In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
ghsa