{"schema_version": "1.6.1", "id": "CVE-2022-44645", "summary": "The DatasourceManager module has a serialization attack vulnerability", "details": "\nIn Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, a deserialization vulnerability with possible remote code execution impact exists when an attacker has to write access to a database and configures new data source with a MySQL data source and malicious parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.\n\nWe recommend users upgrade the version of Linkis to version 1.3.1.\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"last_affected": "0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/zlcfmvt65blqc4n6fxypg6f0ns8fqfz4"}]}