Apache · Apache Linkis · CVE-2022-39944
**Name of the Vulnerable Software and Affected Versions**
Apache Linkis versions 1.2.0 and earlier
**Description**
A deserialization vulnerability exists in Apache Linkis when it is used with MySQL Connector/J. It can allow remote code execution if an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. The root cause is the deserialization of untrusted data.
**Recommendations**
For Apache Linkis versions 1.2.0 and earlier, update to version 1.3.0 to resolve the issue. As a temporary workaround, consider blacklisting parameters in the JDBC URL to minimize the risk of exploitation.
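
One way to apply the blacklisting workaround before a user-supplied data source URL reaches the driver, as an added example that is not Apache Linkis code. The class name `JdbcUrlGuard`, the deny list of MySQL Connector/J properties, and the sample URLs are assumptions of this example; the advisory does not name specific parameters.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;
import java.util.Optional;

public class JdbcUrlGuard {
    // Assumed deny list (not from the advisory): Connector/J properties that
    // enable object deserialization or client-side local file reads.
    static final List<String> DENIED = List.of("autodeserialize",
        "allowloadlocalinfile", "allowurlinlocalinfile", "allowloadlocalinfileinpath");

    // Decode until stable so %61 and double-encoded %2561 both become "a".
    static String decodeFully(String s) {
        for (int i = 0; i < 5; i++) {
            String next = URLDecoder.decode(s, StandardCharsets.UTF_8);
            if (next.equals(s)) return s;
            s = next;
        }
        throw new IllegalArgumentException("too many encoding layers");
    }

    // Returns the reason for rejection, or empty if the URL passes.
    static Optional<String> reject(String url) {
        if (url == null || !url.regionMatches(true, 0, "jdbc:mysql://", 0, 13))
            return Optional.of("not a jdbc:mysql URL");
        String flat;
        try {
            flat = decodeFully(url).toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) {
            return Optional.of("undecodable URL: " + e.getMessage());
        }
        // Scan the whole URL, not just the query string, so properties placed
        // in a host block such as (host=h,autoDeserialize=true) are caught too.
        for (String name : DENIED)
            if (flat.contains(name)) return Optional.of("denied parameter: " + name);
        return Optional.empty();
    }
    public static void main(String[] args) {
        // Constructed sample URLs; host and database names are placeholders.
        List<String> samples = List.of(
            "jdbc:mysql://db.example.internal:3306/linkis?useSSL=true",
            "jdbc:mysql://db.example.internal:3306/linkis?AutoDeserialize=true",
            "jdbc:mysql://db.example.internal:3306/linkis?%61utoDeserialize=true",
            "jdbc:mysql://(host=db.example.internal,allowLoadLocalInfile=true)/linkis");
        for (String u : samples)
            System.out.println(reject(u).map(r -> "REJECT (" + r + ") ").orElse("ALLOW ") + u);
    }
}
```

The check fails closed: a URL that cannot be decoded, or that contains a denied name anywhere, is refused rather than rewritten. A deny list of this kind is only a stopgap; upgrading to 1.3.0 remains the fix.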