CNNVD-202601-3071 Information

CNNVD ID

CNNVD-202601-3071

Related CVE

CVE-2025-29847

• CNNVD Published: 2026-01-19

Description (Chinese)

Apache Linkis是美国阿帕奇（Apache）基金会的一款中间件产品，可以在上层应用和底层数据引擎之间建立起有效的连接。 Apache Linkis 1.7.0及之前版本存在安全漏洞，该漏洞源于前端配置的URL参数经过多轮URL编码可能绕过系统检查，可能导致通过JDBC参数未经授权访问系统文件。

Description (English)

Apache Linkis is an intermediate product of the Apache Foundation in the United States, which allows for effective connections between upper-level applications and bottom data engines. There is a security loophole in Apache Linkis 1.7.0 and earlier versions, which stems from the front-end configuration of URL parameters that may be bypassed by multiple-wheel URL coding and may lead to unauthorized access to system files via JDBC parameters.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-01-19

Last Modified

2026-02-24

References

https://lists.apache.org/thread/03l5rfkgdt022o75jp8x4tzpqxz8g057 http://www.openwall.com/lists/oss-security/2025/09/19/2

Patch

https://linkis.apache.org/