Tian Xin Wu

Researcher from Numen Cyber Labs, Singapore
#22879 of 53,635
10 Total CVSS
Vulnerabilities · 1
PT-2022-6257
10
2022-11-03
Apache · Apache Linkis · CVE-2022-44645
**Name of the Vulnerable Software and Affected Versions**

Apache Linkis versions 1.3.0 and earlier

**Description**

A deserialization vulnerability exists in Apache Linkis when used with the MySQL Connector/J, allowing for possible remote code execution impact. This occurs when an attacker has write access to a database and configures a new datasource with a MySQL data source and malicious parameters. The parameters in the JDBC URL should be blacklisted to prevent exploitation.

**Recommendations**

For Apache Linkis versions 1.3.0 and earlier, upgrade to version 1.3.1 to resolve the issue. As a temporary workaround, consider blacklisting malicious parameters in the JDBC URL to minimize the risk of exploitation. Restrict access to the MySQL Connector/J to prevent attackers from configuring new datasources with malicious parameters.