📦 Linkis

by Apache

⚠️ Known Vulnerabilities

CVE-2023-27987

CRITICAL CVSS 9.1 Apr 10, 2023

Apache Linkis versions up to 1.3.1 use a default authentication token that is too simple and predictable, allowing attackers to easily guess or obtain it. This vulnerability enables unauthorized acces...

CVE-2023-29216

CRITICAL CVSS 9.8 Apr 10, 2023

This vulnerability in Apache Linkis allows attackers to execute arbitrary code remotely by exploiting a deserialization flaw when configuring MySQL data sources with malicious parameters. All Apache L...

CVE-2023-27602

CRITICAL CVSS 9.8 Apr 10, 2023

This vulnerability in Apache Linkis allows unauthenticated attackers to upload arbitrary files to any location on the server due to insufficient path validation in the PublicService module. This affec...

CVE-2024-39928

HIGH CVSS 7.5 Sep 25, 2024

Apache Linkis versions up to 1.5.0 use a cryptographically weak random string generator (Commons Lang's RandomStringUtils) for Py4j token generation in Spark EngineConn. This vulnerability could allow...

CVE-2024-27181

HIGH CVSS 8.8 Aug 2, 2024

Apache Linkis versions up to 1.5.0 contain a privilege escalation vulnerability where trusted accounts can access token information they shouldn't have permission to view. This allows attackers with t...

CVE-2023-46801

HIGH CVSS 8.8 Jul 15, 2024

This vulnerability allows authenticated attackers to execute arbitrary code on Apache Linkis servers by exploiting Java deserialization when adding MySQL data sources. It affects Apache Linkis version...

CVE-2024-45627

MEDIUM CVSS 5.9 Jan 14, 2025

This vulnerability in Apache Linkis allows authenticated attackers to read arbitrary files from the server by injecting malicious MySQL JDBC parameters. It affects Apache Linkis versions before 1.7.0....

CVE-2023-41916

MEDIUM CVSS 6.5 Jul 15, 2024

Apache Linkis versions up to 1.4.0 have a vulnerability where attackers with authorized accounts can configure malicious MySQL JDBC parameters to trigger arbitrary file reading. This occurs due to ins...