Apache Linkis DatasourceManager module has a deserialization command execution
CVE-2023-29216
9.8 CRITICAL
What is CVE-2023-29216?
In Apache Linkis versions up to 1.3.1, attackers can exploit a deserialization vulnerability due to insufficient parameter filtering. By using a MySQL data source with malicious configurations, an attacker can potentially execute arbitrary code remotely. Users are advised to upgrade to version 1.3.2 to mitigate this risk.
Affected Version(s)
Apache Linkis 0 <= 1.3.1
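
For deployments that accept user-supplied MySQL data source settings, the "insufficient parameter filtering" described above can be countered by building the JDBC URL only from validated fields and an allowlist of connection properties. The following is an added example, not Apache Linkis code and not the 1.3.2 patch; the class name, the allowlist contents and the sample host and database names are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.StringJoiner;
import java.util.regex.Pattern;

public class MysqlDataSourceGuard {
    // Assumed allowlist for this example: lower-cased lookup key -> canonical Connector/J name.
    private static final Map<String, String> ALLOWED = Map.of(
        "usessl", "useSSL", "sslmode", "sslMode",
        "characterencoding", "characterEncoding",
        "connecttimeout", "connectTimeout", "sockettimeout", "socketTimeout");
    private static final Pattern HOST = Pattern.compile("[A-Za-z0-9.-]{1,253}");
    private static final Pattern DB = Pattern.compile("[A-Za-z0-9_]{1,64}");
    // No '%', '&', '?', '=', '#' or whitespace, so encoded or smuggled keys cannot pass.
    private static final Pattern VALUE = Pattern.compile("[A-Za-z0-9_.-]{1,64}");

    static String buildUrl(String host, int port, String db, Map<String, String> params) {
        if (host == null || !HOST.matcher(host).matches()) throw new IllegalArgumentException("bad host");
        if (port < 1 || port > 65535) throw new IllegalArgumentException("bad port");
        if (db == null || !DB.matcher(db).matches()) throw new IllegalArgumentException("bad database");
        StringJoiner query = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet()) {
            // Case-insensitive lookup; anything not on the allowlist is refused, not stripped.
            String key = e.getKey() == null ? "" : e.getKey().trim().toLowerCase(Locale.ROOT);
            String canonical = ALLOWED.get(key);
            if (canonical == null) throw new IllegalArgumentException("parameter not allowed: " + e.getKey());
            String value = e.getValue();
            if (value == null || !VALUE.matcher(value).matches())
                throw new IllegalArgumentException("bad value for " + canonical);
            query.add(canonical + "=" + value);
        }
        String url = "jdbc:mysql://" + host + ":" + port + "/" + db;
        return query.length() == 0 ? url : url + "?" + query;
    }

    public static void main(String[] args) {
        Map<String, String> ok = new LinkedHashMap<>();      // constructed sample input
        ok.put("useSSL", "true");
        ok.put("connectTimeout", "5000");
        System.out.println(buildUrl("db.example.internal", 3306, "reports", ok));
        Map<String, String> bad = new LinkedHashMap<>(ok);   // constructed sample input
        bad.put("autoDeserialize", "true");                  // real Connector/J property, not on the allowlist
        try {
            buildUrl("db.example.internal", 3306, "reports", bad);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Rejecting the whole request when an unknown key appears, instead of silently dropping the key, also leaves a log entry that can be alerted on.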