org.apache.linkis:linkis-common@1.4.0 vulnerabilities
- latest version: 1.6.0
- latest non vulnerable version:
- first published: 3 years ago
- latest version published: 5 months ago
- licenses detected: [1.0.3,)
- package manager:

Direct Vulnerabilities
Known vulnerabilities in the org.apache.linkis:linkis-common package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource. An attacker can gain unauthorized access to the Token information and escalate privileges by exploiting this vulnerability. Note: This is only exploitable if the attacker has initial access as a trusted user. How to fix Incorrect Permission Assignment for Critical Resource? Upgrade | [,1.6.0) |
org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to the lack of effective filtering of parameters. An attacker can trigger arbitrary file reading by configuring malicious MySQL JDBC parameters in the DataSource Manager Module. How to fix Files or Directories Accessible to External Parties? Upgrade | [1.4.0,1.6.0) |
org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the data source management module when adding a MySQL data source. An attacker can inject and execute malicious files on the server by exploiting the deserialization vulnerability via JRMP. This is only exploitable if the attacker has obtained an authorized account from Linkis. How to fix Deserialization of Untrusted Data? Upgrade | [,1.6.0) |
org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the lack of effective filtering of Db2 parameters. An attacker can execute unauthorized code or commands by configuring malicious Db2 parameters in the DataSource Manager Module. This is only exploitable if the attacker obtains an authorized account from Linkis. Exploiting this vulnerability could result in arbitrary file reading. How to fix Deserialization of Untrusted Data? Upgrade | [,1.6.0) |