cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-44644,https://securityvulnerability.io/vulnerability/CVE-2022-44644,Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability,"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. 

We recommend users upgrade the version of Linkis to version 1.3.1
",Apache,Apache Linkis (incubating),6.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-01-31T09:40:52.676Z,0
CVE-2022-44645,https://securityvulnerability.io/vulnerability/CVE-2022-44645,Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability,"Apache Linkis versions up to 1.3.0 contain a deserialization vulnerability when integrated with MySQL Connector/J. If an attacker possesses write access to the database and configures a new datasource with malicious parameters, they may exploit this flaw to execute arbitrary code remotely. To mitigate this issue, it is crucial to blacklist certain parameters within the JDBC URL and upgrade to Linkis version 1.3.1 or later.",Apache,Apache Linkis (incubating),8.8,HIGH,0.0027699999045580626,false,,false,false,false,,,false,false,,2023-01-31T09:38:07.355Z,0