Apache Linkis vulnerabilities

CVE-2025-29847 [HIGH] CWE-20 CVE-2025-29847: A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to sys

CVE-2025-59355 [MEDIUM] CWE-532 CVE-2025-59355: A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 de A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will be left in the log files when dec

CVE-2024-45627 [MEDIUM] CWE-552 CVE-2024-45627: In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuri In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to ob

CVE-2024-39928 [HIGH] CWE-326 CVE-2024-39928: In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

CVE-2024-27181 [HIGH] CWE-269 CVE-2024-27181: In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking us In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.

CVE-2024-27182 [MEDIUM] CWE-552 CVE-2024-27182: In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue.

CVE-2023-46801 [HIGH] CWE-502 CVE-2023-46801: In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists rem In Apache Linkis = 1.8.0_241. Or users upgrade Linkis to version 1.6.0.

CVE-2023-49566 [HIGH] CWE-502 CVE-2023-49566: In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configu In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can b

CVE-2023-41916 [MEDIUM] CWE-552 CVE-2023-41916: In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configur In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Link

CVE-2023-50740 [MEDIUM] CWE-532 CVE-2023-50740: In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of th In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0

CVE-2023-27987 [CRITICAL] CWE-326 CVE-2023-27987: In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token au

CVE-2023-27603 [CRITICAL] CWE-22 CVE-2023-27603: In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.

CVE-2023-29215 [CRITICAL] CWE-502 CVE-2023-29215: In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configur In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linki

CVE-2023-29216 [CRITICAL] CWE-502 CVE-2023-29216: In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the v

CVE-2023-27602 [CRITICAL] CWE-434 CVE-2023-27602: In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=tru

CVE-2022-44645 [HIGH] CWE-502 CVE-2022-44645: In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apa

CVE-2022-44644 [MEDIUM] CWE-20 CVE-2022-44644: In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenti In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will b

CVE-2022-39944 [HIGH] CWE-502 CVE-2022-39944: In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache L