Vulnerability CVE-2023-29216


Published: 2023-04-10

Description:

In Apache Linkis <=1.3.1, because the parameters are not
effectively filtered, the attacker uses the MySQL data source and malicious parameters to
configure a new data source to trigger a deserialization vulnerability, eventually leading to
remote code execution.
Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.


Type:

CWE-502

(Deserialization of Untrusted Data)

 References:
https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l

Copyright 2026, cxsecurity.com

 

Back to Top