CVE-2022-44645: 
Java vulnerability analysis and mitigation

In Apache Linkis version 1.3.0 and earlier, a deserialization vulnerability was identified when used with MySQL Connector/J. The vulnerability was assigned CVE-2022-44645 and was publicly disclosed on January 31, 2023. The issue affects the DatasourceManager module of Apache Linkis and could potentially lead to remote code execution under specific circumstances (CVE Mitre).

The vulnerability exists in the DatasourceManager module when used in conjunction with MySQL Connector/J. The security flaw manifests when an attacker with write access to a database configures a new datasource with a MySQL data source containing malicious parameters. The vulnerability stems from improper handling of JDBC URL parameters, necessitating the implementation of parameter blacklisting as a security measure (NVD).

The primary impact of this vulnerability is the potential for remote code execution if successfully exploited. This could allow attackers with the necessary database write access to execute arbitrary code on the affected systems (CVE Mitre).

Users are strongly recommended to upgrade to Apache Linkis version 1.3.1 or later, which contains fixes for this vulnerability. The update implements proper parameter blacklisting for JDBC URLs to prevent malicious parameter injection (CVE Mitre).