Headline
GHSA-rx76-xw35-6rh8: Apache Linkis vulnerable to Exposure of Sensitive Information
In Apache Linkis <= 1.3.0, when used with MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server and setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 are affected. We recommend that users upgrade Linkis to version 1.3.1.
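One way to apply the recommendation to blacklist JDBC URL parameters, shown as an added example that is not code from Apache Linkis or its 1.3.1 fix: a guard that normalises a user-supplied MySQL JDBC URL before matching property names. The class name, the two extra property names and the sample URLs are assumptions of this example; it needs Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;

public class JdbcUrlGuard {
    // allowLoadLocalInfile is the property named in the advisory. The other two are
    // related Connector/J local-file properties, blocked here as an assumption.
    private static final List<String> BLOCKED = List.of(
            "allowLoadLocalInfile", "allowLoadLocalInfileInPath", "allowUrlInLocalInfile");

    // Undo percent-encoding until the text stops changing, then lower-case it.
    static String normalise(String url) {
        String current = url;
        for (int round = 0; round < 5; round++) {
            String decoded = URLDecoder.decode(current, StandardCharsets.UTF_8);
            if (decoded.equals(current)) return current.toLowerCase(Locale.ROOT);
            current = decoded;
        }
        throw new IllegalArgumentException("JDBC URL is percent-encoded too deeply");
    }

    // Reject a blocked name anywhere in the URL, whatever its value; bad encoding also throws.
    static void check(String jdbcUrl) {
        String flat = normalise(jdbcUrl);
        for (String name : BLOCKED) {
            if (flat.contains(name.toLowerCase(Locale.ROOT))) {
                throw new SecurityException("blocked JDBC property: " + name);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample URLs; host and database names are placeholders.
        String[] samples = {
            "jdbc:mysql://db.example.internal:3306/reports?useSSL=true",
            "jdbc:mysql://db.example.internal:3306/reports?allowLoadLocalInfile=true",
            "jdbc:mysql://db.example.internal:3306/reports?allowLoadLocal%49nfile=true",
        };
        for (String url : samples) {
            try {
                check(url);
                System.out.println("accepted  " + url);
            } catch (RuntimeException e) {
                System.out.println("rejected  " + url + "  (" + e.getMessage() + ")");
            }
        }
    }
}
```

The guard is deliberately conservative: it also rejects a URL that sets a blocked property to false, and it matches the whole URL rather than only the query string.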
- CVE-2022-44644
Apache Linkis vulnerable to Exposure of Sensitive Information
Moderate severity GitHub Reviewed Published Jan 31, 2023 to the GitHub Advisory Database • Updated Feb 2, 2023
Package
maven org.apache.linkis:linkis (Maven)
Affected versions
< 1.3.1
Description
Published to the GitHub Advisory Database
Jan 31, 2023
Published by the National Vulnerability Database
Jan 31, 2023