GHSA-rx76-xw35-6rh8: Apache Linkis vulnerable to Exposure of Sensitive Information

In Apache Linkis <= 1.3.0, when used with MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server and setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 are affected. We recommend that users upgrade Linkis to version 1.3.1.
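The parameter blacklisting described above can be sketched as follows. This is an added example, not the Apache Linkis patch or any code from the advisory. The class name, the sample URLs and the two extra property names next to allowLoadLocalInfile are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class JdbcUrlParamCheck {
    // allowLoadLocalInfile is the property named in the advisory. The other two
    // are related Connector/J LOCAL INFILE options, listed here as an assumption
    // about what a deployment would also want to block.
    private static final Set<String> BLOCKED = Set.of(
            "allowloadlocalinfile", "allowurlinlocalinfile", "allowloadlocalinfileinpath");

    /** Throws IllegalArgumentException if the URL's query string sets a blocked property. */
    public static void check(String jdbcUrl) {
        int q = jdbcUrl.indexOf('?');
        if (q < 0) return; // no parameters supplied
        for (String pair : jdbcUrl.substring(q + 1).split("&")) {
            // Compare the decoded, lower-cased key so case changes do not slip through.
            String key = decodeFully(pair.split("=", 2)[0]).trim().toLowerCase(Locale.ROOT);
            if (BLOCKED.contains(key)) {
                throw new IllegalArgumentException("blocked JDBC parameter: " + key);
            }
        }
    }

    // Decode until stable so a percent-encoded or double-encoded key is compared
    // in its plain form. Malformed escapes make URLDecoder throw, which also rejects.
    private static String decodeFully(String s) {
        for (int i = 0; i < 5; i++) {
            String d = URLDecoder.decode(s, StandardCharsets.UTF_8);
            if (d.equals(s)) return s;
            s = d;
        }
        throw new IllegalArgumentException("over-encoded JDBC parameter");
    }

    public static void main(String[] args) {
        // Constructed sample URLs; db.example.internal is a placeholder host.
        String[] samples = {
            "jdbc:mysql://db.example.internal:3306/app?useSSL=true",
            "jdbc:mysql://db.example.internal:3306/app?allowLoadLocalInfile=true",
            "jdbc:mysql://db.example.internal:3306/app?useSSL=true&%61llowLoadLocalInfile=true",
        };
        for (String u : samples) {
            try { check(u); System.out.println("OK      " + u); }
            catch (IllegalArgumentException e) { System.out.println("REJECT  " + u + " (" + e.getMessage() + ")"); }
        }
    }
}
```

A denylist only covers the names it lists and only the query string it parses; building the URL from separately validated host, port and database fields, with an allowlist of permitted parameters, is the stricter design.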

Moderate severity GitHub Reviewed Published Jan 31, 2023 to the GitHub Advisory Database • Updated Feb 2, 2023

Package

org.apache.linkis:linkis (Maven)

Affected versions

< 1.3.1

Published to the GitHub Advisory Database

Jan 31, 2023

Published by the National Vulnerability Database

Jan 31, 2023

Related news

CVE-2022-44644
