Vulnerabilities > Apache > Linkis > 0.6.0

DATE CVE VULNERABILITY TITLE RISK
2023-01-31 CVE-2022-44644 Improper Input Validation vulnerability in Apache Linkis
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter.
network
low complexity
apache CWE-20
6.5
6.5
2023-01-31 CVE-2022-44645 Deserialization of Untrusted Data vulnerability in Apache Linkis
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters.
network
low complexity
apache CWE-502
8.8
8.8
2022-10-26 CVE-2022-39944 Deserialization of Untrusted Data vulnerability in Apache Linkis
In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters.
network
low complexity
apache CWE-502
8.8
8.8