QwikSec

Security Database

CVE

CWE

Training

CVE-2023-29216

Published: Apr 10, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.

Vendor	Product	Versions
Apache Software Foundation	Apache Linkis	affected `0 - <= 1.3.1`

Weaknesses (CWE)

References

https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l

vendor-advisory

mailing-list

http://www.openwall.com/lists/oss-security/2023/04/10/5

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.