cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-41916,https://securityvulnerability.io/vulnerability/CVE-2023-41916,Arbitrary File Reading Vulnerability in Apache Linkis = 1.4.0,"In Apache Linkis version 1.4.0, a vulnerability exists that allows an attacker with an authorized account to exploit the DataSource Manager Module. The flaw arises from inadequate filtering of parameters in the MySQL JDBC configuration. By injecting malicious parameters, an attacker can trigger arbitrary file reading, which could potentially lead to the disclosure of sensitive information. It is crucial that users upgrade to version 1.5.0 to mitigate this risk and protect their systems.",Apache,Apache Linkis Datasource,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-07-15T08:15:00.000Z,0
CVE-2023-49566,https://securityvulnerability.io/vulnerability/CVE-2023-49566,Linkis <=1.5.0 Vulnerable to JNDI Injection due to Inadequate Parameter Filtering,"In Apache Linkis versions up to 1.5.0, a vulnerability arises from insufficient filtering of parameters in the DataSource Manager Module, allowing an attacker with an authorized account to introduce malicious DB2 parameters leading to JNDI injection. To mitigate this risk, it is recommended to blacklist parameters within the DB2 URL. Users are advised to upgrade to version 1.6.0 of Apache Linkis for enhanced security.",Apache,Apache Linkis Datasource,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-07-15T08:15:00.000Z,0
CVE-2023-46801,https://securityvulnerability.io/vulnerability/CVE-2023-46801,Apache Linkis Remote Code Execution Vulnerability,"In Apache Linkis versions up to 1.5.0, a vulnerability exists within the data source management module that can lead to remote code execution. This vulnerability affects systems where MySQL data sources are added and is particularly critical for environments running Java versions less than 1.8.0_241. By exploiting a deserialization flaw through the Java Remote Method Protocol (JRMP), an attacker can inject malicious files into the server, potentially executing arbitrary code. Successful exploitation requires the attacker to possess an authorized account within the Linkis environment, emphasizing the need for robust user access controls. To mitigate this risk, it is advised that users upgrade their Java installations to at least version 1.8.0_241 or upgrade to Apache Linkis version 1.6.0 or later.",Apache,Apache Linkis Datasource,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-07-15T08:15:00.000Z,0
CVE-2023-50740,https://securityvulnerability.io/vulnerability/CVE-2023-50740,Linkis Password Printed to Log in Oracle Data Source Vulnerability,"In Apache Linkis <=1.4.0, the password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0.",Apache,Apache Linkis Datasource,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-06T13:44:53.867Z,0