org.apache.linkis:linkis (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.linkis:linkis, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2023-27602 — CVSS 9.8 (critical): In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We…
CVE-2023-27603 — CVSS 9.8 (critical): In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which…
CVE-2023-27987 — CVSS 9.1 (critical): In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to…
CVE-2022-39944 — CVSS 8.8 (high): In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact…
CVE-2022-44645 — CVSS 8.8 (high): In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact…
CVE-2024-27181 — CVSS 8.8 (high): In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to…
CVE-2025-29847 — CVSS 7.5 (high): A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source…
CVE-2022-44644 — CVSS 6.5 (medium): In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary…
CVE-2023-50740 — CVSS 5.3 (medium): In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We…
CVE-2024-27182 — CVSS 4.9 (medium): In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any…