Apache Software Foundation Apache Linkis Datasource vulnerabilities
4 known vulnerabilities affecting apache_software_foundation/apache_linkis_datasource.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2023-46801 | HIGH | CVSS 8.8 | ≥ 1.4.0, < 1.6.0 | 2024-07-15
CVE-2023-46801 [HIGH] CWE-502:
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists rem
In Apache Linkis = 1.8.0_241. Or users upgrade Linkis to version 1.6.0.
cvelistv5, nvd
CVE-2023-49566 | HIGH | CVSS 8.8 | ≥ *, < 1.6.0 | 2024-07-15
CVE-2023-49566 [HIGH] CWE-502:
In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted.
This attack requires the attacker to obtain an authorized account from Linkis before it can b
cvelistv5, nvd
CVE-2023-41916 | MEDIUM | CVSS 6.5 | ≥ 1.4.0, < 1.5.0 | 2024-07-15
CVE-2023-41916 [MEDIUM] CWE-552:
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Link
cvelistv5, nvd
CVE-2023-50740 | MEDIUM | CVSS 5.3 | ≥ *, < 1.5.0 | 2024-03-06
CVE-2023-50740 [MEDIUM] CWE-532:
In Apache Linkis <=1.4.0, the password is printed to the log when using the Oracle data source of the Linkis data source module.
We recommend users upgrade the version of Linkis to version 1.5.0.
cvelistv5, nvd