File Reading Vulnerability in Apache Linkis DataSource Manager Module
CVE-2024-45627

Currently unrated

Key Information:

Vendor: Apache Software Foundation
Status: Apache Linkis
Vendor: CVE Published:; 14 January 2025

🔔 Create Apache Software Foundation Vulnerability Alert

What is CVE-2024-45627?

A vulnerability exists in the DataSource Manager Module of Apache Linkis versions prior to 1.7.0, whereby insufficient filtering of input parameters may allow an attacker with valid authorized access to configure malicious MySQL JDBC parameters. This configuration can enable the attacker to read arbitrary files from the Linkis server, potentially leading to unauthorized information disclosure. To mitigate this risk, it is recommended that users update to Linkis version 1.7.0 or above, where proper parameter blacklisting has been implemented to enhance security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2025/01/14/1

https://lists.apache.org/thread/0zzx8lldwoqgzq98mg61hojgp...

Timeline

Vulnerability published
Jan 14, 2025

JSON

Apache Software Foundation

What is CVE-2024-45627?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.