Vulnerabilities > Apache > Linkis > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-15 | CVE-2023-46801 | Deserialization of Untrusted Data vulnerability in Apache Linkis 1.4.0/1.5.0 In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. | 8.8 |
| 2024-07-15 | CVE-2023-49566 | Deserialization of Untrusted Data vulnerability in Apache Linkis 1.4.0/1.5.0 In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. | 8.8 |
| 2023-01-31 | CVE-2022-44645 | Deserialization of Untrusted Data vulnerability in Apache Linkis In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. | 8.8 |
| 2022-10-26 | CVE-2022-39944 | Deserialization of Untrusted Data vulnerability in Apache Linkis In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. | 8.8 |