Homepage
About Snyk

org.apache.linkis:linkis-common@1.5.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.linkis:linkis-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Incorrect Permission Assignment for Critical Resource

org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource. An attacker can gain unauthorized access to the Token information and escalate privileges by exploiting this vulnerability.

Note:

This is only exploitable if the attacker has initial access as a trusted user.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade org.apache.linkis:linkis-common to version 1.6.0 or higher.

[,1.6.0)
  • M
Files or Directories Accessible to External Parties

org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines.

Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to the lack of effective filtering of parameters. An attacker can trigger arbitrary file reading by configuring malicious Mysql JDBC parameters in the DataSource Manager Module.

How to fix Files or Directories Accessible to External Parties?

Upgrade org.apache.linkis:linkis-common to version 1.6.0 or higher.

[1.4.0,1.6.0)
  • H
Deserialization of Untrusted Data

org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the data source management module when adding a Mysql data source. An attacker can inject and execute malicious files on the server by exploiting the deserialization vulnerability via jrmp. This is only exploitable if the attacker has obtained an authorized account from Linkis.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.linkis:linkis-common to version 1.6.0 or higher.

[,1.6.0)
  • H
Deserialization of Untrusted Data

org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the lack of effective filtering of db2 parameters. An attacker can execute unauthorized code or commands by configuring malicious db2 parameters in the DataSource Manager Module. This is only exploitable if the attacker obtains an authorized account from Linkis.

Exploiting this vulnerability could result in arbitrary file reading.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.linkis:linkis-common to version 1.6.0 or higher.

[,1.6.0)
Go back to all versions of this package