Package details: pkg:maven/org.apache.linkis/linkis@1.3.1
purl pkg:maven/org.apache.linkis/linkis@1.3.1
Next non-vulnerable version 1.3.2
Latest non-vulnerable version 1.8.0
Risk
Vulnerabilities affecting this package (2)
VCID-k2nt-5799-zfcq
Aliases: CVE-2023-29216, GHSA-rrhf-32rq-f28h
Summary: Apache Linkis DatasourceManager module has deserialization vulnerability. In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, an attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their version of Linkis to version 1.3.2.
Fixed by: 1.3.2 (affected by 0 other vulnerabilities)

VCID-up1e-7r5s-jbgr
Aliases: CVE-2023-29215, GHSA-qm2h-m799-86rc
Summary: Apache Linkis JDBC EngineConn has deserialization vulnerability. In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in the JDBC EngineConn module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the MySQL JDBC URL should be block listed. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.
Fixed by: 1.3.2 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (2)
VCID-4qm8-61y3-nqe7
Aliases: CVE-2022-44645, GHSA-h6w8-52mq-4qxc
Summary: Deserialization of Untrusted Data. In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the JDBC URL should be block listed. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1.

VCID-t751-vbrf-pydw
Aliases: CVE-2022-44644, GHSA-rx76-xw35-6rh8
Summary: Exposure of Sensitive Information to an Unauthorized Actor. In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read an arbitrary local file by connecting to a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in the JDBC URL should be block listed. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3