Every CVE whose affected-product data names Apache Linkis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2023-29215 — CVSS 9.8 (critical): In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in…
CVE-2023-29216 — CVSS 9.8 (critical): In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious…
CVE-2023-27602 — CVSS 9.8 (critical): In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We…
CVE-2023-27603 — CVSS 9.8 (critical): In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which…
CVE-2023-27987 — CVSS 9.1 (critical): In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to…
CVE-2022-39944 — CVSS 8.8 (high): In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact…
CVE-2022-44645 — CVSS 8.8 (high): In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact…
CVE-2023-46801 — CVSS 8.8 (high): In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for…
CVE-2023-49566 — CVSS 8.8 (high): In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the…
CVE-2024-27181 — CVSS 8.8 (high): In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to…
CVE-2025-29847 — CVSS 7.5 (high): A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source…
CVE-2024-39928 — CVSS 7.5 (high): In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting…
CVE-2025-59355 — CVSS 6.5 (medium): A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input…
CVE-2022-44644 — CVSS 6.5 (medium): In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary…
CVE-2023-41916 — CVSS 6.5 (medium): In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in…
CVE-2024-45627 — CVSS 5.9 (medium): In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in…
CVE-2023-50740 — CVSS 5.3 (medium): In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We…
CVE-2024-27182 — CVSS 4.9 (medium): In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any…