all InfoSec news
CVE-2023-29215 (linkis)
April 10, 2023, 8:15 a.m. |
National Vulnerability Database web.nvd.nist.gov
of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a
deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.
apache code code execution cve deserialization jdbc malicious mysql remote code remote code execution trigger upgrade url version version 1 vulnerability
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-45955 (lightstrip_firmware)
6 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21380 (android)
6 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21385 (android)
6 months, 1 week ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Cybersecurity Engineer III
@ Hexagon US Federal | Huntsville, AL
Cybersecurity Technical Advisor
@ Microsoft | Reading, Berkshire, United Kingdom
Cybersecurity Engineer
@ Mindvalley | Kuala Lumpur, Kuala Lumpur, Malaysia
Network Security (Meraki) Infrastructure Lead
@ Sopra Steria | Noida, Uttar Pradesh, India
Sr. Director, Product Security
@ Ro | New York City or Remote
Senior Research Engineer, Cryptography (PhD Entry Level)
@ Seagate Technology | Shakopee, MN, US