CNNVD-202601-3070 Information

CNNVD ID

CNNVD-202601-3070

Related CVE

CVE-2025-59355

• CNNVD Published: 2026-01-19

Description (Chinese)

Apache Linkis是美国阿帕奇（Apache）基金会的一款中间件产品，可以在上层应用和底层数据引擎之间建立起有效的连接。 Apache Linkis 1.7.0及之前版本存在安全漏洞，该漏洞源于Base64解码失败时在日志中记录完整输入参数字符串，可能导致敏感信息泄露。

Description (English)

Apache Linkis is an intermediate product of the Apache Foundation in the United States, which allows for effective connections between upper-level applications and bottom data engines. There is a security loophole in Apache Linkis 1.7.0 and earlier versions, which stems from recording the full input parameter string in the log when the Base64 decodes failed, which may lead to the disclosure of sensitive information.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-01-19

Last Modified

2026-02-24

References

https://lists.apache.org/thread/4dcgmqdkk2p5y4k43ok5rgd4ylx8698h https://lists.apache.org/thread/75z7vhftw6w1mllndgpkfmcj0fzo4lbj http://www.openwall.com/lists/oss-security/2025/09/19/1

Patch

https://linkis.apache.org/