Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.linkis/linkis-datasource@1.6.0
purl pkg:maven/org.apache.linkis/linkis-datasource@1.6.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-5egf-pvh8-rfew In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected.  We recommend users upgrade the version of Linkis to version 1.5.0. CVE-2023-41916
GHSA-f22j-9j59-33j4
VCID-gkdr-ddv2-hbhk In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute them. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.  We recommend that users upgrade the java version to >= 1.8.0_241. Or users upgrade Linkis to version 1.6.0. CVE-2023-46801
GHSA-jjvc-v8gw-5255
VCID-qjn8-9ben-wuef In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted.  This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis <=1.5.0 will be affected. We recommend users upgrade the version of Linkis to version 1.6.0. CVE-2023-49566
GHSA-7qpc-4xx9-x5qw

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T19:35:12.395977+00:00 GitLab Importer Fixing VCID-gkdr-ddv2-hbhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.linkis/linkis-datasource/CVE-2023-46801.yml 38.6.0
2026-06-12T19:35:12.105707+00:00 GitLab Importer Fixing VCID-5egf-pvh8-rfew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.linkis/linkis-datasource/CVE-2023-41916.yml 38.6.0
2026-06-12T19:35:11.993606+00:00 GitLab Importer Fixing VCID-qjn8-9ben-wuef https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.linkis/linkis-datasource/CVE-2023-49566.yml 38.6.0
2026-06-12T07:43:50.624545+00:00 GithubOSV Importer Fixing VCID-gkdr-ddv2-hbhk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-jjvc-v8gw-5255/GHSA-jjvc-v8gw-5255.json 38.6.0
2026-06-12T07:43:43.446506+00:00 GithubOSV Importer Fixing VCID-qjn8-9ben-wuef https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-7qpc-4xx9-x5qw/GHSA-7qpc-4xx9-x5qw.json 38.6.0
2026-06-12T07:43:35.718854+00:00 GithubOSV Importer Fixing VCID-5egf-pvh8-rfew https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-f22j-9j59-33j4/GHSA-f22j-9j59-33j4.json 38.6.0
2026-06-11T20:35:34.333700+00:00 GHSA Importer Fixing VCID-qjn8-9ben-wuef https://github.com/advisories/GHSA-7qpc-4xx9-x5qw 38.6.0
2026-06-11T20:35:34.304210+00:00 GHSA Importer Fixing VCID-gkdr-ddv2-hbhk https://github.com/advisories/GHSA-jjvc-v8gw-5255 38.6.0
2026-06-11T20:35:34.272435+00:00 GHSA Importer Fixing VCID-5egf-pvh8-rfew https://github.com/advisories/GHSA-f22j-9j59-33j4 38.6.0