CVE-2023-49566

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49566
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49566.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49566
Aliases
Published
2024-07-15T08:15:02Z
Modified
2025-03-27T16:15:20Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious

db2

parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. 

This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.

Versions of Apache Linkis

<=1.5.0

will be affected. We recommend users upgrade the version of Linkis to version 1.6.0.

References

Affected packages

Git / github.com/apache/incubator-linkis

Affected ranges

Type
GIT
Repo
https://github.com/apache/incubator-linkis
Events