PT-2024-5100 · Apache · Apache Linkis
Pho3N1X · Published 2024-07-13 · Updated 2024-08-01 · CVE-2023-46801
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Apache Linkis versions <= 1.5.0
Description:
Apache Linkis versions up to and including 1.5.0 contain a deserialization vulnerability in the MySQL Data Source Handler component. An attacker can use it to inject malicious files into the server through JRMP (the Java Remote Method Protocol, the wire protocol behind Java RMI) and have them executed, which yields remote code execution on the Linkis host. The JRMP path depends on the Java runtime: it is exploitable when Linkis runs on a Java version older than 1.8.0_241. Exploitation requires an authorized Linkis account, so the attacker must first obtain valid credentials (reflected in the Au:S component of the CVSS vector).
Recommendations:
Either of the following addresses the issue for Apache Linkis versions <= 1.5.0:
Upgrade the Java runtime that Linkis runs on to 1.8.0_241 or later. This blocks the JRMP deserialization path, but the vulnerable Linkis code stays in place, so it is a mitigation rather than a code fix.
Upgrade Apache Linkis to version 1.6.0, which contains the fix.
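The two recommendations above define a window (a Linkis release no newer than 1.5.0 together with a JVM older than 1.8.0_241) that an operator has to check on every Linkis host. The following POSIX shell script is an added example written for this page, not code from the advisory or from the Apache Linkis project. It takes a Linkis release string and the first line of `java -version` output as inputs (both input formats are assumptions) and reports whether the deployment falls inside that window; collecting the two values from the host is left to the caller.

```shell
#!/bin/sh
# Added example for PT-2024-5100 / CVE-2023-46801 (not code from the advisory or
# from Apache Linkis). Decides whether a deployment is inside the affected window:
#   Linkis release <= 1.5.0  AND  Java runtime older than 1.8.0_241.
# Assumed input formats: a Linkis release such as "1.5.0" or "1.5.0-SNAPSHOT", and
# the first line of `java -version`, e.g.  openjdk version "1.8.0_232"  or
# java version "11.0.20". Collecting those values from the host is up to the caller.

# vercmp A B: compare two dotted numeric versions; prints -1, 0 or 1.
# Non-numeric suffixes ("-SNAPSHOT", "-rc1") are ignored.
vercmp() {
  a=${1%%[!0-9.]*}
  b=${2%%[!0-9.]*}
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}            # leading component of each version
    [ -z "$x" ] && x=0                # missing component counts as 0 ("1.5" == "1.5.0")
    [ -z "$y" ] && y=0
    if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
    if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac   # drop the component just compared
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  printf '%s\n' 0
}

# java_below_8u241 BANNER: returns 0 (true) when the JVM named in a `java -version`
# banner line is older than 1.8.0_241, the threshold the advisory gives; 1 otherwise.
java_below_8u241() {
  v=$1
  case $v in *\"*\"*) v=${v#*\"}; v=${v%%\"*} ;; esac   # keep only the quoted version
  case $v in
    1.[0-7]*) return 0 ;;                  # Java 7 and older: always below the threshold
    1.8*)
      u=${v#*_}                            # update number after '_' ("1.8.0_232" -> 232)
      [ "$u" = "$v" ] && u=0               # no '_' present: treat as update 0
      u=${u%%[!0-9]*}                      # strip "-b09"-style trailing build info
      [ -z "$u" ] && u=0
      [ "$u" -lt 241 ] ;;
    *) return 1 ;;                         # Java 9+ uses the new scheme: not below 8u241
  esac
}

# cve_2023_46801_exposed LINKIS_VERSION JAVA_BANNER: prints "exposed" or
# "not exposed"; returns 0 only when both advisory conditions hold.
cve_2023_46801_exposed() {
  if [ "$(vercmp "$1" 1.5.0)" -le 0 ] && java_below_8u241 "$2"; then
    echo exposed
    return 0
  fi
  echo "not exposed"
  return 1
}

# Constructed sample inputs (not real deployments) covering the four combinations.
report() { printf '%-16s %-30s %s\n' "$1" "$2" "$(cve_2023_46801_exposed "$1" "$2")"; }
report 1.5.0 'openjdk version "1.8.0_232"'   # vulnerable release, old JVM
report 1.5.0 'java version "1.8.0_381"'      # vulnerable release, JVM past the threshold
report 1.4.0 'openjdk version "11.0.20"'     # vulnerable release, Java 11
report 1.6.0 'openjdk version "1.8.0_232"'   # fixed release, old JVM
```

Feed it the JVM that the Linkis services actually start with (the java under JAVA_HOME in the Linkis environment), which can differ from the java found first on PATH. A result of "not exposed" only means the two conditions in this advisory are not both met; upgrading to Linkis 1.6.0 remains the complete fix.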
Fix: upgrade to Apache Linkis 1.6.0
Weakness Enumeration: Deserialization of Untrusted Data (CWE-502)
Related Identifiers: CVE-2023-46801
Affected Products: Apache Linkis