In Apache Linkis <=1.5.0, due to the lack of effective filtering
of parameters, an attacker configuring malicious 
db2
 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. 
This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.
 Versions of Apache Linkis 
<=1.5.0
 will be affected.
We recommend users upgrade the version of Linkis to version 1.6.0.
                
            Metrics
Affected Vendors & Products
References
        History
                    Thu, 27 Mar 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Fri, 13 Sep 2024 18:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: apache
Published: 2024-07-15T07:56:51.500Z
Updated: 2025-03-27T15:35:11.826Z
Reserved: 2023-11-27T12:52:53.546Z
Link: CVE-2023-49566
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-09-13T17:03:59.885Z
 NVD
                        NVD
                    Status : Modified
Published: 2024-07-15T08:15:02.367
Modified: 2025-03-27T16:15:20.207
Link: CVE-2023-49566
 Redhat
                        Redhat
                    No data.