1.6.0
2 years ago
5 months ago
Known vulnerabilities in the org.apache.linkis:linkis-engineplugin-jdbc package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the parameters not being effectively filtered, allowing an attacker to use the MySQL data source and malicious parameters to configure a new data source and trigger the vulnerability. How to fix Deserialization of Untrusted Data? Upgrade | [,1.3.2) |
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JDBC EengineConn Module when configuring Mysql JDBC parameters. This can lead to remote code execution. How to fix Deserialization of Untrusted Data? Upgrade | [,1.3.2) |