CVE-2022-44645 | Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users to upgrade the version of Linkis to version 1.3.1.
Conclusion & alert: CVE-2022-44645 is rated Moderate Risk (63.3/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.95%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2022-44645
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).