Vulnerabilities > Apache > Linkis > 1.5.0

DATE CVE VULNERABILITY TITLE RISK
2024-08-02 CVE-2024-27182 Files or Directories Accessible to External Parties vulnerability in Apache Linkis 1.3.2/1.4.0/1.5.0
In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue.
network
low complexity
apache CWE-552
4.9
4.9
2024-07-15 CVE-2023-41916 Unspecified vulnerability in Apache Linkis 1.4.0/1.5.0
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading.
network
low complexity
apache
6.5
6.5
2024-07-15 CVE-2023-46801 Unspecified vulnerability in Apache Linkis 1.4.0/1.5.0
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241.
network
low complexity
apache
8.8
8.8
2024-07-15 CVE-2023-49566 Unspecified vulnerability in Apache Linkis 1.4.0/1.5.0
In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection.
network
low complexity
apache
8.8
8.8