Apache Linkis

18 CVEs affecting Apache Linkis. Latest disclosed: 2026-01-19. Critical: 5, High: 7.

Top CVEs affecting Apache Linkis

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-29216 | Critical | 9.8 | 2023-04-10 | In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a… |
| CVE-2023-29215 | Critical | 9.8 | 2023-04-10 | In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EngineConn Mod… |
| CVE-2023-27603 | Critical | 9.8 | 2023-04-10 | In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a p… |
| CVE-2023-27602 | Critical | 9.8 | 2023-04-10 | In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users u… |
| CVE-2023-27987 | Critical | 9.1 | 2023-04-10 | In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default tok… |
| CVE-2024-27181 | High | 8.8 | 2024-08-02 | In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token… |
| CVE-2023-49566 | High | 8.8 | 2024-07-15 | In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager… |
| CVE-2023-46801 | High | 8.8 | 2024-07-15 | In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_2… |
| CVE-2022-44645 | High | 8.8 | 2023-01-31 | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attack… |
| CVE-2022-39944 | High | 8.8 | 2022-10-26 | In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attack… |
| CVE-2025-29847 | High | 7.5 | 2026-01-19 | A vulnerability in Apache Linkis. Problem Description: When using the JDBC engine and data source functionality, if the URL p… |
| CVE-2024-39928 | High | 7.5 | 2024-09-25 | In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons… |
| CVE-2025-59355 | Medium | 6.5 | 2026-01-19 | A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in t… |
| CVE-2023-41916 | Medium | 6.5 | 2024-07-15 | In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manag… |
| CVE-2022-44644 | Medium | 6.5 | 2023-01-31 | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecti… |
| CVE-2024-45627 | Medium | 5.9 | 2025-01-14 | In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manage… |
| CVE-2023-50740 | Medium | 5.3 | 2024-03-06 | In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade th… |
| CVE-2024-27182 | Medium | 4.9 | 2024-08-02 | In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by… |