org.apache.linkis:linkis-common@1.1.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.linkis:linkis-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable version
  • High
Incorrect Permission Assignment for Critical Resource

org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource. An attacker who already holds a Linkis account can read Token information that should not be exposed to that account and use it to escalate privileges.

Note:

This is only exploitable if the attacker has initial access as a trusted user.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade org.apache.linkis:linkis-common to version 1.6.0 or higher.

[,1.6.0)
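The version ranges on this page ("[,1.6.0)", "[,1.3.2)") are Maven interval notation: an empty lower bound means every earlier version, and a closing ")" makes the upper bound exclusive, which is why each fix reads "1.6.0 or higher" or "1.3.2 or higher". The Python below is an added example, not Snyk's or Linkis's code; it parses that notation and reports which of this page's six advisories apply to a given installed version and the smallest upgrade that clears them all. The advisory titles are copied from this page; dropping "-qualifier" suffixes on versions is a simplifying assumption.

```python
"""Evaluate Maven version ranges such as "[,1.6.0)" against an installed
version. Added example, not Snyk or Linkis code. PAGE_ADVISORIES is copied from
this page; qualifier handling (e.g. "-RC1") is a simplifying assumption."""
import re

PAGE_ADVISORIES = [
    ("Incorrect Permission Assignment for Critical Resource", "[,1.6.0)"),
    ("Deserialization of Untrusted Data (MySQL data source, JRMP)", "[,1.6.0)"),
    ("Deserialization of Untrusted Data (DB2 parameters)", "[,1.6.0)"),
    ("Deserialization of Untrusted Data (MySQL data source parameters)", "[,1.3.2)"),
    ("Arbitrary File Write via Archive Extraction (Zip Slip)", "[,1.3.2)"),
    ("Deserialization of Untrusted Data (JDBC EngineConn)", "[,1.3.2)"),
]

# One interval: opening bracket, optional lower bound, comma, optional upper
# bound, closing bracket. Unions such as "[1,2),[3,4)" are not handled.
RANGE_RE = re.compile(r"^([\[(])\s*([^,\[\]()]*?)\s*,\s*([^,\[\]()]*?)\s*([\])])$")


def parse_version(text):
    """"1.6.0" -> (1, 6, 0). A "-qualifier" suffix is dropped, which is enough
    for the release versions on this page (assumption: no qualifier ordering)."""
    core = text.strip().split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def parse_range(spec):
    """"[,1.6.0)" -> (lower, lower_inclusive, upper, upper_inclusive);
    None marks an open bound."""
    m = RANGE_RE.match(spec.strip())
    if not m:
        raise ValueError(f"unsupported range: {spec!r}")
    lo_br, lo, hi, hi_br = m.groups()
    return (parse_version(lo) if lo else None, lo_br == "[",
            parse_version(hi) if hi else None, hi_br == "]")


def is_affected(installed, spec):
    """True when `installed` lies inside the Maven range `spec`."""
    lower, lo_inc, upper, hi_inc = parse_range(spec)
    v = parse_version(installed)
    if lower is not None and (v < lower or (v == lower and not lo_inc)):
        return False
    if upper is not None and (v > upper or (v == upper and not hi_inc)):
        return False
    return True


def affected_advisories(installed, advisories=PAGE_ADVISORIES):
    """Titles of the advisories whose range contains `installed`."""
    return [title for title, spec in advisories if is_affected(installed, spec)]


def minimum_fixed_version(installed, advisories=PAGE_ADVISORIES):
    """Smallest upgrade that clears every applicable advisory: the largest
    exclusive upper bound among the ranges that still match, or None."""
    bounds = []
    for _, spec in advisories:
        if is_affected(installed, spec):
            _, _, upper, hi_inc = parse_range(spec)
            if upper is not None and not hi_inc:
                bounds.append(upper)
    return ".".join(map(str, max(bounds))) if bounds else None


if __name__ == "__main__":
    for title in affected_advisories("1.1.2"):
        print("affected:", title)
    print("upgrade to", minimum_fixed_version("1.1.2"))
```

For the version this page is about, all six ranges match, and the smallest upgrade that clears them is 1.6.0, since the three 1.3.2 fixes are subsumed by it.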
  • High
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the data source management module when adding a MySQL data source. An attacker can trigger deserialization via JRMP to inject and execute malicious files on the server. This is only exploitable if the attacker has obtained an authorized account from Linkis.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.linkis:linkis-common to version 1.6.0 or higher.

[,1.6.0)
  • High
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the lack of effective filtering of DB2 connection parameters. An attacker can execute unauthorized code or commands by configuring malicious DB2 parameters in the DataSource Manager module. This is only exploitable if the attacker obtains an authorized account from Linkis.

Exploiting this vulnerability could also result in arbitrary file reading.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.linkis:linkis-common to version 1.6.0 or higher.

[,1.6.0)
  • High
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data because data source connection parameters are not effectively filtered. An attacker can configure a new MySQL data source with malicious parameters to trigger the deserialization.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.linkis:linkis-common to version 1.3.2 or higher.

[,1.3.2)
  • Critical
Arbitrary File Write via Archive Extraction (Zip Slip)

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) because the Manager module's engineConn does not validate entry paths when extracting an uploaded zip file. A crafted archive can therefore write files outside the intended directory, which allows remote code execution.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade org.apache.linkis:linkis-common to version 1.3.2 or higher.

[,1.3.2)
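Zip Slip is defeated by checking each entry's destination after path canonicalisation, not by pattern-matching "../" in the raw name, and by refusing to write anything until every entry has been checked. The Python below is an added example and not the Linkis engineConn code (Linkis is written in Java); the archives it uses are constructed in memory, and treating symlink entries as forbidden is an assumption made for uploaded engine packages.

```python
"""Zip extraction that refuses Zip Slip entries. Added example in Python, not
the Linkis engineConn code; the archives used below are constructed in memory."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


class ZipSlipError(Exception):
    pass


def safe_target(dest_dir, member_name):
    """Resolve member_name beneath dest_dir, or raise ZipSlipError.
    The check is made on the canonical (resolved) path rather than the raw
    string, so 'a/../../x' and backslash variants are caught as well."""
    dest = Path(dest_dir).resolve()
    name = member_name.replace("\\", "/")  # treat Windows separators as separators
    if name.startswith("/") or os.path.splitdrive(name)[0]:
        raise ZipSlipError(f"absolute entry name: {member_name!r}")
    target = (dest / name).resolve()
    if target != dest and dest not in target.parents:
        raise ZipSlipError(f"entry escapes destination: {member_name!r}")
    return target


def is_safe_name(dest_dir, member_name):
    """Boolean form of safe_target for quick checks."""
    try:
        safe_target(dest_dir, member_name)
        return True
    except ZipSlipError:
        return False


def extract_safely(zip_bytes, dest_dir):
    """Validate every entry first, then write, so a bad entry anywhere in the
    archive means nothing is written. Symlink entries are rejected too, since a
    link pointing outside dest_dir could be followed by a later write
    (assumption: uploaded engine packages do not need symlinks)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = []
        for info in zf.infolist():
            target = safe_target(dest_dir, info.filename)
            if ((info.external_attr >> 16) & 0o170000) == 0o120000:  # S_IFLNK
                raise ZipSlipError(f"symlink entry not allowed: {info.filename!r}")
            plan.append((info, target))
        written = []
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(str(target.relative_to(Path(dest_dir).resolve())))
    return written


def build_zip(entries):
    """Constructed sample archive from a {name: bytes} mapping. Names are stored
    verbatim, so traversal names survive, as they would in a hostile upload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo():
    """Extract a benign upload, then a hostile one whose traversal entry hides
    behind a decoy. Returns (files written, hostile archive blocked, files
    present afterwards); the decoy must not be written either."""
    benign = build_zip({"conf/engine.properties": b"k=v\n"})
    hostile = build_zip({"conf/ok.txt": b"decoy\n",
                         "../../../../tmp/evil.sh": b"#!/bin/sh\n"})
    with tempfile.TemporaryDirectory() as d:
        before = extract_safely(benign, d)
        try:
            extract_safely(hostile, d)
            blocked = False
        except ZipSlipError:
            blocked = True
        after = sorted(str(p.relative_to(d)) for p in Path(d).rglob("*") if p.is_file())
    return before, blocked, after


if __name__ == "__main__":
    print(demo())
```

The two-pass structure matters: an extractor that validates and writes entry by entry still leaves the decoy files of a rejected archive on disk, which is enough to plant a partial payload.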
  • Critical
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JDBC EngineConn module when configuring MySQL JDBC parameters. This can lead to remote code execution.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.linkis:linkis-common to version 1.3.2 or higher.

[,1.3.2)
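Four of the entries above (the MySQL data source and JDBC EngineConn issues fixed in 1.3.2, and the MySQL and DB2 data source issues fixed in 1.6.0) share one root cause: connection parameters supplied by a logged-in user were passed to the JDBC driver without effective filtering, and some driver parameters make the driver deserialize server-supplied data, read local files or perform JNDI lookups. The control is an allowlist of parameter names with a canonical URL rebuilt from the accepted parts, applied to both the URL query string and any separately submitted parameter map. The Python below is an added example and not the Linkis fix (Linkis is Java); the allowed and blocked parameter names, the default ports and the value syntax are illustrative assumptions, not the set Linkis filters, and the sample URLs are constructed.

```python
"""Allowlist validation of JDBC data-source parameters before they reach a
driver. Added example (Python, not the Linkis Java fix); the allowlists and the
blocked keys are illustrative assumptions, not the set Linkis filters."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit


class UnsafeJdbcParameter(ValueError):
    pass


# Lower-cased key -> canonical driver spelling. Anything not listed is rejected,
# so case or encoding tricks on dangerous names are moot: they are simply unknown.
ALLOWED = {
    "mysql": {"usessl": "useSSL", "requiressl": "requireSSL",
              "servertimezone": "serverTimezone", "characterencoding": "characterEncoding",
              "connecttimeout": "connectTimeout", "sockettimeout": "socketTimeout"},
    "db2": {"sslconnection": "sslConnection", "currentschema": "currentSchema",
            "logintimeout": "loginTimeout"},
}
# Keys that make a driver deserialize server data, read local files or do a JNDI
# lookup (assumed list). Named only to give a specific error; the allowlist
# above already excludes them.
DENIED = {"autodeserialize", "queryinterceptors", "statementinterceptors",
          "detectcustomcollations", "allowloadlocalinfile", "allowurlinlocalinfile",
          "allowloadlocalinfileinpath", "clientrerouteserverlistjndiname"}
DEFAULT_PORT = {"mysql": 3306, "db2": 50000}
VALUE_RE = re.compile(r"^[A-Za-z0-9_.+/-]*$")   # no ; : & = that could smuggle a second key
DATABASE_RE = re.compile(r"^[A-Za-z0-9_-]*$")


def parse_jdbc_url(url):
    """Return (driver, host, port, database, params) for jdbc:mysql:// and
    jdbc:db2:// URLs; DB2 properties use the ':key=value;' suffix style."""
    if not url.lower().startswith("jdbc:"):
        raise UnsafeJdbcParameter("not a JDBC URL")
    parts = urlsplit(url[len("jdbc:"):])
    driver = parts.scheme.lower()
    if driver not in ALLOWED:
        raise UnsafeJdbcParameter(f"driver not permitted: {driver!r}")
    try:
        port = parts.port or DEFAULT_PORT[driver]
    except ValueError as exc:
        raise UnsafeJdbcParameter("bad port") from exc
    if not parts.hostname:
        raise UnsafeJdbcParameter("missing host")
    path, params = parts.path, {}
    if driver == "db2" and ":" in path:
        path, _, props = path.partition(":")
        for item in filter(None, props.split(";")):
            key, _, value = item.partition("=")
            params[key.strip()] = value.strip()
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        params[key] = value
    return driver, parts.hostname, port, path.lstrip("/"), params


def validate_datasource(url, extra_params=None):
    """Validate the URL plus any separately submitted parameter map and return a
    canonical URL rebuilt from the accepted parts only. Both inputs funnel into
    one check because drivers honour either, so filtering just one is bypassable."""
    driver, host, port, database, params = parse_jdbc_url(url)
    params.update(extra_params or {})
    if not DATABASE_RE.match(database):
        raise UnsafeJdbcParameter(f"bad database name: {database!r}")
    clean = {}
    for key, value in params.items():
        norm = key.strip().lower()
        if norm in DENIED:
            raise UnsafeJdbcParameter(f"blocked parameter: {key}")
        if norm not in ALLOWED[driver]:
            raise UnsafeJdbcParameter(f"parameter not on allowlist: {key}")
        if not VALUE_RE.match(value):
            raise UnsafeJdbcParameter(f"bad value for {key}: {value!r}")
        clean[ALLOWED[driver][norm]] = value
    base = f"jdbc:{driver}://{host}:{port}/{database}"
    if not clean:
        return base
    if driver == "db2":
        return base + ":" + "".join(f"{k}={v};" for k, v in sorted(clean.items()))
    return base + "?" + urlencode(sorted(clean.items()))


def is_accepted(url, extra_params=None):
    """Boolean form of validate_datasource."""
    try:
        validate_datasource(url, extra_params)
        return True
    except UnsafeJdbcParameter:
        return False


if __name__ == "__main__":
    print(validate_datasource("jdbc:mysql://db.internal/linkis?useSSL=true"))
    print(is_accepted("jdbc:mysql://db.internal/linkis?autoDeserialize=true"))
```

The important property is that the driver never sees the user's string: the output is rebuilt from a parsed host, port, database and the allowlisted parameters with their canonical spelling, so an unknown or oddly encoded parameter is rejected rather than passed through.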