Apache Linkis DataSource: DataSource Remote code execution vulnerability

In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute them. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.  We recommend that users upgrade the java version to >= 1.8.0_241. Or users upgrade Linkis to version 1.6.0.

N/A

可信数据的反序列化

Apache Linkis 代码问题漏洞

Apache Linkis是美国阿帕奇（Apache）基金会的一款中间件产品，可以在上层应用和底层数据引擎之间建立起有效的连接。 Apache Linkis 1.6.0之前版本存在代码问题漏洞，该漏洞源于数据源管理模块在添加Mysql数据源时，存在远程代码执行漏洞，可以将恶意文件注入服务器并执行。

N/A

N/A