Miggo Logo
Miggo Vulnerability Database
CVE-2022-39944

CVE-2022-39944: Apache Linkis subject to Remote Code Execution via deserialization

8.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-39944
GHSA ID
GHSA-3f3w-gmqf-4hj3
EPSS Score
0.76692%
CWE
CWE-502
Published
10/26/2022
Updated
1/30/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.linkis:linkismaven< 1.3.01.3.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unvalidated JDBC URL parameters in MySQL connections. The MySQL Connector/J is known to be vulnerable to deserialization attacks via parameters like 'autoDeserialize' when attacker-controlled data is processed. Since the mitigation involves parameter blacklisting, the function responsible for building JDBC URLs with user inputs (without proper filtering) would be the entry point. This pattern matches common JDBC URL construction vulnerabilities, and the described attack vector (malicious JDBC EC configuration) directly implicates the JDBC URL building process.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In *p**** Linkis <=*.*.* w**n us** wit* t** MySQL *onn**tor/J, * **s*ri*liz*tion vuln*r**ility wit* possi*l* r*mot* *o** *x**ution imp**t *xists w**n *n *tt**k*r **s writ* ****ss to * **t***s* *n* *on*i*ur*s * J*** ** wit* * MySQL **t* sour** *n* m*l

Reasoning

T** vuln*r**ility st*ms *rom unv*li**t** J*** URL p*r*m*t*rs in MySQL *onn**tions. T** MySQL *onn**tor/J is known to ** vuln*r**l* to **s*ri*liz*tion *tt**ks vi* p*r*m*t*rs lik* '*uto**s*ri*liz*' w**n *tt**k*r-*ontroll** **t* is pro**ss**. Sin** t**