CVE-2023-50740: Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

March 6, 2024 (updated February 13, 2025)

In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0

References

github.com/advisories/GHSA-m757-p8rv-4q93
github.com/apache/linkis
github.com/apache/linkis/commit/08cbcfca140afebae10e1582ee87721578719ded
lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo
nvd.nist.gov/vuln/detail/CVE-2023-50740

Code Behaviors & Features

Detect and mitigate CVE-2023-50740 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →