In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their version of Linkis to version 1.3.2.

Affected Packages

Maven org.apache.linkis:linkis-datasource

Affected versions: 0 (fixed in 1.3.2)

Related CVEs

CVE-2023-29216

Key Information

GHSA ID

GHSA-rrhf-32rq-f28h

Published

April 10, 2023 9:30 AM

Last Modified

February 13, 2025 6:54 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.linkis:linkis-datasource

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.