CVE-2023-29215
In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.
| Software | From | Fixed in |
|---|---|---|
| apache / linkis | - | 1.3.1.x |
org.apache.linkis / linkis-engineconn
|
- | 1.3.2 |
- http://www.openwall.com/lists/oss-security/2023/04/10/4
- https://github.com/apache/linkis/commit/7005c01d7f7bca78322447f4f2f32b8398645687
- https://linkis.apache.org/download/release-notes-1.3.2
- https://linkis.apache.org/download/release-notes-1.3.2/
- https://lists.apache.org/thread/o682wz1ggq491ybvjwokxvcdtnzo76ls
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime