CVE-2022-39944

Published: Oct 26, 2022

Modified: May 7, 2025

PUBLISHED

Description

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected, We recommend users to update to 1.3.0.

Vendor	Product	Versions
Apache Software Foundation	Apache Linkis	affected `Apache Linkis - <= 1.2.0`

References

https://lists.apache.org/thread/rxytj48q17304snonjtyt5lnlw64gccc

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-39944

Description

Affected Products

References