**CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in Apache Linkis 1.4.0**

**Severity:** Moderate

**Affected Versions:**

- Apache Linkis DataSource 1.4.0 before 1.6.0

**Description:**

In Apache Linkis <= 1.5.0, the data source management module contains a remote code execution vulnerability when adding a MySQL data source, affecting Java versions below 1.8.0_241. The vulnerability arises from a deserialization flaw that can be exploited via JRMP to inject malicious files into the server and execute them. This attack requires the attacker to first obtain an authorized account on the Linkis system. To mitigate the risk, users are advised to upgrade their Java version to 1.8.0_241 or higher, or upgrade Linkis to version 1.6.0 or later.

**Credit:** Pho3n1x (reporter)

**References:**

- https://linkis.apache.org
- https://www.cve.org/CVERecord?id=CVE-2023-46801
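A defender-side check against the two thresholds named in the description, added here as an example and not part of the advisory or the Linkis project: it classifies a host from the first line of `java -version` output and its Linkis version string. The host names and inventory are constructed; the check assumes the broader "<= 1.5.0" reading for Linkis and sends Java versions outside the 1.x.y_NNN scheme to manual review, because the advisory states its Java threshold only in that scheme.

```python
import re

FIXED_JAVA = (1, 8, 0, 241)   # advisory: Java 1.8.0_241 or higher
FIXED_LINKIS = (1, 6, 0)      # advisory: Linkis 1.6.0 or later

# Constructed sample inventory: (host, first line of `java -version`, Linkis version)
SAMPLE = [
    ("linkis-a", 'java version "1.8.0_231"', "1.4.0"),
    ("linkis-b", 'openjdk version "1.8.0_292"', "1.5.0"),
    ("linkis-c", 'java version "1.8.0_202"', "1.6.0"),
    ("linkis-d", 'openjdk version "11.0.2" 2019-01-15', "1.5.0"),
]


def parse_legacy_java(banner):
    """Return (1, minor, patch, update) from a `java -version` line, or None
    when the version is not written in the legacy 1.x.y_NNN scheme."""
    m = re.search(r'version "1\.(\d+)\.(\d+)(?:_(\d+))?', banner)
    if not m:
        return None
    return (1, int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def parse_linkis(version):
    """Return (major, minor, patch) from a Linkis version string, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(java_banner, linkis_version):
    """Classify one host against the advisory's Linkis and Java thresholds."""
    linkis = parse_linkis(linkis_version)
    if linkis is None:
        return "review: unparseable Linkis version"
    if linkis >= FIXED_LINKIS:
        return "fixed: Linkis >= 1.6.0"
    java = parse_legacy_java(java_banner)
    if java is None:
        return "review: Java version not in 1.x.y_NNN form"
    if java >= FIXED_JAVA:
        return "mitigated: Java >= 1.8.0_241"
    return "exposed: Linkis < 1.6.0 on Java < 1.8.0_241"


def report(inventory):
    """Map each host in the inventory to its classification."""
    return {host: assess(java, linkis) for host, java, linkis in inventory}
```

`java -version` writes to stderr, so capture it with `2>&1` when collecting the banner line for each host.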