Vulnerability Database

322,905

Total vulnerabilities in the database

CVE-2023-41916

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected. We recommend users upgrade the version of Linkis to version 1.5.0.

Published: Jul 15, 2024
Updated: Nov 16, 2025
CVE: CVE-2023-41916
GHSA: GHSA-f22j-9j59-33j4
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
org.apache.linkis / linkis-datasource	1.4.0	1.6.0
apache / linkis	1.4.0	1.6.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo