CVE-2022-44645 Information

Feb 01, 2023 cve

Description

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1.

Reference

https://lists.apache.org/thread/zlcfmvt65blqc4n6fxypg6f0ns8fqfz4 In Apache Linkis <=1.3.0 when used with the MySQL Connector/J a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1.

Share on: