CVE-2023-29216

CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution

Vendor Apache Software Foundation

Product Apache Linkis

Weakness CWE-502 · Unsafe deserialization

Published April 10, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.

Key dates

Disclosure timeline

April 10, 2023 CVE published

February 13, 2025 Record updated