漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
Vulnerability Description
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level moderate Solution Continuously check if the connection information contains the "%" character; if it does, perform URL decoding. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here: https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache Linkis 安全漏洞
Vulnerability Description
Apache Linkis是美国阿帕奇(Apache)基金会的一款中间件产品,可以在上层应用和底层数据引擎之间建立起有效的连接。 Apache Linkis 1.7.0及之前版本存在安全漏洞,该漏洞源于前端配置的URL参数经过多轮URL编码可能绕过系统检查,可能导致通过JDBC参数未经授权访问系统文件。
CVSS Information
N/A
Vulnerability Type
N/A