CVE-2022-44644

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.  We recommend users upgrade the version of Linkis to version 1.3.1

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.  We recommend users upgrade the version of Linkis to version 1.3.1

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1

En Apache Linkis &lt;=1.3.0, cuando se usa con MySQL Connector/J en el módulo de fuente de datos, un atacante autenticado podría leer archivos locales arbitrarios conectando un servidor MySQL no autorizado, agregando enableLoadLocalInfile a verdadero en el parámetro JDBC. Por lo tanto, los parámetros en la URL de JDBC deben estar en la lista negra. Las versiones de Apache Linkis &lt;=1.3.0 se verán afectadas. Recomendamos a los usuarios actualizar la versión de Linkis a la versión 1.3.1