What is CVE-2023-29216?

CVE-2023-29216 is a vulnerability in Apache Linkis <=1.3.1 that allows an attacker to trigger a deserialization vulnerability and achieve remote code execution.

What is the severity of CVE-2023-29216?

The severity of CVE-2023-29216 is critical with a severity value of 9.8 out of 10.

Which versions of Apache Linkis are affected by CVE-2023-29216?

Versions of Apache Linkis up to and including 1.3.1 are affected by CVE-2023-29216.

How can CVE-2023-29216 be fixed?

To fix CVE-2023-29216, it is recommended to update Apache Linkis to a version higher than 1.3.1.

Vulnerability/
CVE-2023-29216

critical

9.8

CWE

502

10/4/2023

22/10/2024

CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution

Q: What is the severity of CVE-2023-29216?

The severity of CVE-2023-29216 is critical with a severity value of 9.8 out of 10.

Q: How does CVE-2023-29216 work?

CVE-2023-29216 works by allowing an attacker to use the MySQL data source and malicious parameters to configure a new data source, triggering a deserialization vulnerability and leading to remote code execution.

Q: Which versions of Apache Linkis are affected by CVE-2023-29216?

Versions of Apache Linkis up to and including 1.3.1 are affected by CVE-2023-29216.

Q: How can CVE-2023-29216 be fixed?

To fix CVE-2023-29216, it is recommended to update Apache Linkis to a version higher than 1.3.1.

First published: Mon Apr 10 2023(Updated: )

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache Linkis	<=1.3.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-29216?
CVE-2023-29216 is a vulnerability in Apache Linkis <=1.3.1 that allows an attacker to trigger a deserialization vulnerability and achieve remote code execution.
What is the severity of CVE-2023-29216?
The severity of CVE-2023-29216 is critical with a severity value of 9.8 out of 10.
How does CVE-2023-29216 work?
CVE-2023-29216 works by allowing an attacker to use the MySQL data source and malicious parameters to configure a new data source, triggering a deserialization vulnerability and leading to remote code execution.
Which versions of Apache Linkis are affected by CVE-2023-29216?
Versions of Apache Linkis up to and including 1.3.1 are affected by CVE-2023-29216.
How can CVE-2023-29216 be fixed?
To fix CVE-2023-29216, it is recommended to update Apache Linkis to a version higher than 1.3.1.

collector/nvd-index
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/severity
agent/last-modified-date
agent/author
agent/event
agent/first-publish-date
agent/type
agent/description
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/apache
canonical/apache linkis
version/apache linkis/1.3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.