PT-2023-22210 · Apache · Apache Linkis
Sw0Rd1Ight
Published: 2023-04-10 · Updated: 2024-10-22 · CVE-2023-29216
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Linkis versions 1.3.1 and earlier
Description
The issue arises because parameters are not effectively filtered in Apache Linkis, allowing an attacker to use the MySQL data source and malicious parameters to configure a new data source. This triggers a deserialization vulnerability, eventually leading to remote code execution.
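An allowlist filter for user-supplied MySQL data source settings, the kind of check the description says is missing, as an added example (not Apache Linkis code and not the project's fix). The class name, the permitted parameter set and the character rules are assumptions; the accepted parameters are handed to the driver as `Properties` instead of being concatenated into the JDBC URL.

```java
import java.util.*;
import java.util.regex.Pattern;

/** Added example: allowlist filter for user-supplied MySQL data source settings. */
public class DataSourceParamFilter {
    // Assumption: the only Connector/J properties this deployment lets users set.
    private static final Set<String> ALLOWED = Set.of(
        "usessl", "sslmode", "characterencoding", "useunicode",
        "connecttimeout", "sockettimeout", "servertimezone");
    // The host may not contain characters that start a path or query string.
    private static final Pattern HOST = Pattern.compile("[A-Za-z0-9.-]{1,253}");
    // Values are short plain tokens; '?', '&', '=', '#', '%' and spaces are rejected.
    private static final Pattern VALUE = Pattern.compile("[A-Za-z0-9_.:+/-]{1,64}");

    /** Returns driver properties for accepted input; throws on anything else. */
    public static Properties filter(String host, Map<String, String> userParams) {
        if (host == null || !HOST.matcher(host).matches())
            throw new IllegalArgumentException("invalid host");
        Properties props = new Properties();
        for (Map.Entry<String, String> e : userParams.entrySet()) {
            String key = e.getKey() == null ? "" : e.getKey().trim();
            String value = e.getValue();
            // Compare case-insensitively so a re-cased name cannot slip past.
            if (!ALLOWED.contains(key.toLowerCase(Locale.ROOT)))
                throw new IllegalArgumentException("parameter not allowed: " + key);
            if (value == null || !VALUE.matcher(value).matches())
                throw new IllegalArgumentException("invalid value for " + key);
            props.setProperty(key, value);
        }
        return props;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from the advisory.
        Map<String, String> ok = Map.of("useSSL", "true", "connectTimeout", "5000");
        System.out.println(filter("db.example.internal", ok));
        try { // any parameter outside the allowlist is refused, whatever it does
            filter("db.example.internal", Map.of("someOtherOption", "true"));
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
        try { // a host field that tries to carry its own query string
            filter("db.example.internal/x?a=b", Map.of());
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Rejecting unknown parameters outright, instead of maintaining a list of known-bad ones, keeps the check valid when a driver release adds new connection properties.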
Recommendations
Users of Apache Linkis versions 1.3.1 and earlier should upgrade to version 1.3.2.
Fix
Deserialization of Untrusted Data
Affected Products
Apache Linkis