org.apache.linkis:linkis-metadata-query-service-jdbc@1.3.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.linkis:linkis-metadata-query-service-jdbc package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Information Exposure Through Log Files

Affected versions of this package are vulnerable to Information Exposure Through Log Files due to the logging mechanism in multiple connector modules. An attacker can gain access to sensitive information, such as database passwords, by accessing the logs.

How to fix Information Exposure Through Log Files?

Upgrade org.apache.linkis:linkis-metadata-query-service-jdbc to version 1.5.0 or higher.

Vulnerable versions: [,1.5.0)
  • C
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JDBC EngineConn module when configuring MySQL JDBC parameters. This can lead to remote code execution.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.linkis:linkis-metadata-query-service-jdbc to version 1.3.2 or higher.

Vulnerable versions: [,1.3.2)