CVE-2022-44644

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.apache.linkis/linkis

Identifiers

CVE-2022-44644, GHSA-rx76-xw35-6rh8

Package Slug

maven/org.apache.linkis/linkis

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

In Apache Linkis <= 1.3.0, when used with MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server and setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in the JDBC URL should be block-listed. Versions of Apache Linkis <= 1.3.0 are affected. We recommend users upgrade the version of Linkis to version 1.3
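
The block-listing that the description calls for, as an added example (not Apache Linkis code and not its actual fix): a check that rejects a user-supplied MySQL JDBC URL carrying allowLoadLocalInfile. The class and method names are hypothetical, the sample URLs are constructed, and the two extra blocked keys are related Connector/J local-infile options included as an assumption.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example (not Apache Linkis code): block-list check for user-supplied MySQL JDBC URLs.
public class JdbcUrlParamCheck {
    // allowLoadLocalInfile is the parameter named in the advisory. The other two are
    // related Connector/J local-infile options, included here as an assumption.
    private static final Set<String> BLOCKED = Set.of(
            "allowloadlocalinfile", "allowurlinlocalinfile", "allowloadlocalinfileinpath");

    /** Returns the blocked (or undecodable) parameter names found in the URL's query part. */
    static List<String> blockedParams(String jdbcUrl) {
        List<String> hits = new ArrayList<>();
        int q = jdbcUrl.indexOf('?');
        if (q < 0) return hits;
        for (String pair : jdbcUrl.substring(q + 1).split("&")) {
            String rawKey = pair.split("=", 2)[0];
            String key;
            try {
                // Decode percent-escapes and fold case so that encoded or mixed-case
                // spellings of a key are compared in one canonical form.
                key = URLDecoder.decode(rawKey, StandardCharsets.UTF_8)
                        .trim().toLowerCase(Locale.ROOT);
            } catch (IllegalArgumentException e) {
                // A key that cannot be decoded is rejected rather than passed through.
                hits.add("malformed-escape:" + rawKey);
                continue;
            }
            if (BLOCKED.contains(key)) hits.add(key);
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; host and database names are placeholders.
        String[] samples = {
            "jdbc:mysql://db.example.internal:3306/linkis?useSSL=true",
            "jdbc:mysql://db.example.internal:3306/linkis?allowLoadLocalInfile=true",
            "jdbc:mysql://db.example.internal:3306/linkis?useSSL=true&ALLOWLOADLOCALINFILE=true",
            "jdbc:mysql://db.example.internal:3306/linkis?%61llowLoadLocalInfile=true",
        };
        for (String url : samples) {
            List<String> hits = blockedParams(url);
            System.out.println((hits.isEmpty() ? "ACCEPT " : "REJECT ") + url + " " + hits);
        }
    }
}
```

The check inspects only the query part of the URL and only the keys it names, so it accepts the first sample and rejects the other three.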

Affected Versions

All versions up to 1.3.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-02-02
